security.yaml 659 B

123456789101112131415161718192021222324252627282930313233343536373839
  1. xss_whitelist: [admin.super] # Whitelist of user access that should 'skip' XSS checking
  2. xss_enabled:
  3. on_events: true
  4. invalid_protocols: true
  5. moz_binding: true
  6. html_inline_styles: true
  7. dangerous_tags: true
  8. xss_invalid_protocols:
  9. - javascript
  10. - livescript
  11. - vbscript
  12. - mocha
  13. - feed
  14. - data
  15. xss_dangerous_tags:
  16. - applet
  17. - meta
  18. - xml
  19. - blink
  20. - link
  21. - style
  22. - script
  23. - embed
  24. - object
  25. - iframe
  26. - frame
  27. - frameset
  28. - ilayer
  29. - layer
  30. - bgsound
  31. - title
  32. - base
  33. uploads_dangerous_extensions:
  34. - php
  35. - html
  36. - htm
  37. - js
  38. - exe
  39. sanitize_svg: true