grav-lecampus/system/config/security.yaml

xss_whitelist: [admin.super] # Whitelist of user access that should 'skip' XSS checking
xss_enabled:
    on_events: true
    invalid_protocols: true
    moz_binding: true
    html_inline_styles: true
    dangerous_tags: true
xss_dangerous_tags:
    - applet
    - meta
    - xml
    - blink
    - link
    - style
    - script
    - embed
    - object
    - iframe
    - frame
    - frameset
    - ilayer
    - layer
    - bgsound
    - title
    - base
uploads_dangerous_extensions:
    - php
    - html
    - htm
    - js
    - exe
first commit 2019-03-28 17:57:56 +01:00			`xss_whitelist: [admin.super] # Whitelist of user access that should 'skip' XSS checking`
			`xss_enabled:`
			`on_events: true`
			`invalid_protocols: true`
			`moz_binding: true`
			`html_inline_styles: true`
			`dangerous_tags: true`
			`xss_dangerous_tags:`
			`- applet`
			`- meta`
			`- xml`
			`- blink`
			`- link`
			`- style`
			`- script`
			`- embed`
			`- object`
			`- iframe`
			`- frame`
			`- frameset`
			`- ilayer`
			`- layer`
			`- bgsound`
			`- title`
			`- base`
			`uploads_dangerous_extensions:`
			`- php`
			`- html`
			`- htm`
			`- js`
			`- exe`