security.yaml 534 B

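  # Security settings: an XSS-check bypass list, per-check XSS switches, the tag
  # list for the dangerous-tags check, and an upload extension denylist.
  # The nesting under xss_enabled is reconstructed from a flattened listing;
  # confirm it against the original file.

  # Whitelist of user access that should 'skip' XSS checking.
  # Input saved by an account holding one of these permissions is not
  # XSS-checked, so keep the list minimal and protect those accounts (strong
  # authentication, few holders).
  xss_whitelist: [admin.super]

  # Individual XSS checks. The per-key notes are inferred from the key names;
  # confirm against the consuming application's documentation before relying on
  # them. Disabling any check widens what stored content may contain.
  xss_enabled:
    on_events: true  # presumably inline on* event-handler attributes
    invalid_protocols: true  # presumably non-allowed URL schemes
    moz_binding: true  # presumably the -moz-binding CSS property
    html_inline_styles: true  # presumably inline style attributes
    dangerous_tags: true  # presumably enables the xss_dangerous_tags list

  # Tag names treated as dangerous. This is a denylist: a tag that is not named
  # here is not flagged by it, so it complements output encoding and a
  # Content-Security-Policy rather than replacing them.
  xss_dangerous_tags:
    - applet
    - meta
    - xml
    - blink
    - link
    - style
    - script
    - embed
    - object
    - iframe
    - frame
    - frameset
    - ilayer
    - layer
    - bgsound
    - title
    - base

  # File extensions rejected on upload. A denylist blocks only what it names;
  # other extensions that the web server may execute or a browser may render as
  # active content (alternate PHP handler extensions, for example) are not
  # covered by these five entries. Where the application supports it, restrict
  # each upload field to an allowlist of expected types, and store uploads where
  # the server does not execute them.
  # NOTE(review): whether matching is case-insensitive is not visible here;
  # verify in the consumer.
  uploads_dangerous_extensions:
    - php
    - html
    - htm
    - js
    - exe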