\nThe HTML Sanitizer Service sanitizes some HTML fields\nto remove potential cross-site scripting attack in them.\n
", "extensionPoints": [ { "@type": "NXExtensionPoint", "componentId": "org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerService", "descriptors": [ "org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerAntiSamyDescriptor" ], "documentation": "\n The following allows you to change the AntiSamy policy file:\n\n\n \n \n",
"documentationHtml": "\nThe following allows you to change the AntiSamy policy file:\n
\n
<antisamy policy="some-file.xml"/>\n\n \n note \n comment:text \n \n\n\n\n The following specifies that only the note field of the Note type\n will be sanitized:\n\n \n \n Note \n note \n \n\n\n\n The following example disables a sanitizer:\n\n \n \n \n\n\n Sanitizing can also be enabled on a field only if a field has a given value.\n This is useful when the same document field can contain text, html or wiki markup.\n For a webpage, you may want to only sanitize the webpages that are using HTML.\n Here is an example configuration.\n\n \n \n webp:content \n \n\n\n\n In this example the field webp:content will be sanitized only when\n the String representation of the webp:isRichtext is \"true\".\n\n If you want to not\n sanitize when a given value is present, use:\n\n \n \n note \n \n\n",
"documentationHtml": "\nSpecify the types of documents and fields to sanitize.\n
\nThe following example configures just based on field\nnames:\n
\n
<sanitizer name="foo">\n <field>note</field>\n <field>comment:text</field>\n </sanitizer>\n\nThe following specifies that only the note field of the Note type\nwill be sanitized:\n
\n
<sanitizer name="foo">\n <type>Note</type>\n <field>note</field>\n </sanitizer>\n\nThe following example disables a sanitizer:\n
\n
<sanitizer enabled="false" name="default"/>\n\nSanitizing can also be enabled on a field only if a field has a given value.\nThis is useful when the same document field can contain text, html or wiki markup.\nFor a webpage, you may want to only sanitize the webpages that are using HTML.\nHere is an example configuration.\n
\n
<sanitizer name="foo">\n <field filter="webp:isRichtext" filterValue="true">webp:content</field>\n </sanitizer>\n\nIn this example the field webp:content will be sanitized only when\nthe String representation of the webp:isRichtext is "true".\n
\nIf you want to not\nsanitize when a given value is present, use:\n
\n
<sanitizer name="foo">\n <field filter="mime_type" filterValue="text/plain" sanitize="false">note</field>\n </sanitizer>\n\n \n note \n comment:text \n \n \n\n The following specifies that only the note field of the Note type\n will be sanitized:\n\n \n \n Note \n note \n \n \n\n The following example disables a sanitizer:\n\n \n \n\n Sanitizing can also be enabled on a field only if a field has a given value.\n This is useful when the same document field can contain text, html or wiki markup.\n For a webpage, you may want to only sanitize the webpages that are using HTML.\n Here is an example configuration.\n\n \n \n webp:content \n \n \n\n In this example the field webp:content will be sanitized only when\n the String representation of the webp:isRichtext is \"true\".\n\n If you want to not sanitize when a given value is present, use:\n\n \n \n note \n \n \n\n \n \n \n