This configuration specifies what action to take on the tags that are not accepted in the user data.
Note: All the outputs shown under each value are based on the input data <b>This is bold text <script>alert("hi")</script></b>, where the script tag is not allowed.
The possible values are:
FILTER — Removes the tag, but keeps the content.
Output: <b> This is bold text alert("hi") </b>
REMOVE — Removes tag along with the content in it.
Output: <b> This is bold text </b>
ENCODE — Encodes the tag, so that the tag with the content is displayed, but not executed when rendered in the browser.
Output: <b>This is bold text &lt;script&gt;alert("hi")&lt;/script&gt;</b>
THROW_EXCEPTION — Throws an exception to the user. This is not recommended.
APPLY_CDATA — Wraps the tag and its content in a CDATA section.
Output: <b> This is bold text <![CDATA[ <script>alert("hi")</script> ]]> </b>
Choose the option that matches the security level your application needs.
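The Python sketch below is an added example, not the product's own code: it reproduces the FILTER, REMOVE, ENCODE and THROW_EXCEPTION behaviours on the sample input above using the standard-library HTMLParser. The names TagActionSanitizer, DisallowedTag and sanitize are hypothetical, attributes on allowed tags are simply dropped, and APPLY_CDATA is not covered.

```python
from html import escape
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}  # elements with no end tag

class DisallowedTag(ValueError):
    """Raised when the action is THROW_EXCEPTION."""

class TagActionSanitizer(HTMLParser):
    def __init__(self, allowed, action):
        super().__init__()              # convert_charrefs=True: text arrives decoded
        self.allowed, self.action = set(allowed), action
        self.out, self.skip = [], 0     # skip > 0 while inside a REMOVEd element

    def _reject(self, tag, raw, opening):
        if self.action == "THROW_EXCEPTION":
            raise DisallowedTag(tag)
        if self.action == "REMOVE" and tag not in VOID:
            # Depth counter so nested disallowed elements are removed as a unit.
            self.skip = max(0, self.skip + (1 if opening else -1))
        elif self.action == "ENCODE":
            self.out.append(escape(raw, quote=False))
        # FILTER: the tag is dropped, its content still reaches handle_data

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            self._reject(tag, self.get_starttag_text(), True)
        elif not self.skip:
            self.out.append(f"<{tag}>")  # attributes dropped: out of scope here

    def handle_endtag(self, tag):
        if tag not in self.allowed:
            self._reject(tag, f"</{tag}>", False)
        elif not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # re-encode text on output

def sanitize(html, allowed, action):
    parser = TagActionSanitizer(allowed, action)
    parser.feed(html)
    parser.close()                      # flush any buffered text
    return "".join(parser.out)

SAMPLE = '<b>This is bold text <script>alert("hi")</script></b>'  # the page's input
if __name__ == "__main__":
    for action in ("FILTER", "REMOVE", "ENCODE"):
        print(action, "->", sanitize(SAMPLE, {"b"}, action))
```

An unclosed disallowed element under REMOVE causes the rest of the input to be dropped, which fails closed.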