Server Administrator's Guide

Sanitizing HTML text

The default implementation uses the tag whitelist approach, in which all accepted tags, along with their accepted attributes, are read from the configuration file. Only the tags marked as accepted in the configuration file are accepted. The action taken on all unknown or unaccepted tags is based on the configuration, as explained in XSS actions.
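
The following sketch illustrates the tag whitelist approach described above. It is an added example, not the product's handler code: the `ALLOWED` table stands in for the configuration file, and the `remove` and `escape` action names are assumptions, since the product's actual XSS actions are documented separately.

```python
from html import escape
from html.parser import HTMLParser

# Constructed whitelist (assumption): tag -> attributes accepted on that tag.
# The product reads its own list from a configuration file not shown here.
ALLOWED = {"b": set(), "i": set(), "p": {"class"}, "span": {"class"}}

# Constructed sample input: one unaccepted attribute and one unaccepted tag.
SAMPLE = '<p class="x" onclick="steal()">Hi <b>there</b><img src=x onerror=alert(1)></p>'


class WhitelistSanitizer(HTMLParser):
    """Rebuilds markup from parser events so only whitelisted tags and attributes survive."""

    def __init__(self, allowed, action="remove"):
        # action is hypothetical: "remove" drops an unaccepted tag,
        # "escape" keeps it as inert, entity-encoded text.
        super().__init__(convert_charrefs=True)
        self.allowed, self.action, self.out = allowed, action, []

    def _reject(self, raw):
        if self.action == "escape":
            self.out.append(escape(raw))

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            self._reject(self.get_starttag_text())
            return
        # Keep only attributes whitelisted for this tag; re-encode their values.
        kept = [(k, v or "") for k, v in attrs if k in self.allowed[tag]]
        self.out.append("<" + tag + "".join(f' {k}="{escape(v)}"' for k, v in kept) + ">")

    def handle_endtag(self, tag):
        if tag in self.allowed:
            self.out.append(f"</{tag}>")
        else:
            self._reject(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # text content is always re-encoded


def sanitize(html, allowed=ALLOWED, action="remove"):
    parser = WhitelistSanitizer(allowed, action)
    parser.feed(html)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)
```

This sketch filters attribute names only; a whitelisted attribute that carries a URL or style still needs its value validated.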