grav-lecampus/system/config/security.yaml

xss_whitelist: [admin.super] # Whitelist of user access that should 'skip' XSS checking
xss_enabled:
    on_events: true
    invalid_protocols: true
    moz_binding: true
    html_inline_styles: true
    dangerous_tags: true
xss_invalid_protocols:
    - javascript
    - livescript
    - vbscript
    - mocha
    - feed
    - data
xss_dangerous_tags:
    - applet
    - meta
    - xml
    - blink
    - link
    - style
    - script
    - embed
    - object
    - iframe
    - frame
    - frameset
    - ilayer
    - layer
    - bgsound
    - title
    - base
uploads_dangerous_extensions:
    - php
    - php2
    - php3
    - php4
    - php5
    - phar
    - phtml
    - html
    - htm
    - shtml
    - shtm
    - js
    - exe
sanitize_svg: true
first commit 2019-03-28 17:57:56 +01:00			`xss_whitelist: [admin.super] # Whitelist of user access that should 'skip' XSS checking`
			`xss_enabled:`
			`on_events: true`
			`invalid_protocols: true`
			`moz_binding: true`
			`html_inline_styles: true`
			`dangerous_tags: true`
updated core to 1.7.15 2021-05-27 18:17:50 +02:00			`xss_invalid_protocols:`
			`- javascript`
			`- livescript`
			`- vbscript`
			`- mocha`
			`- feed`
			`- data`
first commit 2019-03-28 17:57:56 +01:00			`xss_dangerous_tags:`
			`- applet`
			`- meta`
			`- xml`
			`- blink`
			`- link`
			`- style`
			`- script`
			`- embed`
			`- object`
			`- iframe`
			`- frame`
			`- frameset`
			`- ilayer`
			`- layer`
			`- bgsound`
			`- title`
			`- base`
			`uploads_dangerous_extensions:`
			`- php`
maj 2024-06-07 14:19:08 +02:00			`- php2`
			`- php3`
			`- php4`
			`- php5`
			`- phar`
			`- phtml`
first commit 2019-03-28 17:57:56 +01:00			`- html`
			`- htm`
maj 2024-06-07 14:19:08 +02:00			`- shtml`
			`- shtm`
first commit 2019-03-28 17:57:56 +01:00			`- js`
			`- exe`
updated core to 1.7.15 2021-05-27 18:17:50 +02:00			`sanitize_svg: true`