security.yaml 749 B

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647
  1. xss_whitelist: [admin.super] # Whitelist of user access that should 'skip' XSS checking
  2. xss_enabled:
  3. on_events: true
  4. invalid_protocols: true
  5. moz_binding: true
  6. html_inline_styles: true
  7. dangerous_tags: true
  8. xss_invalid_protocols:
  9. - javascript
  10. - livescript
  11. - vbscript
  12. - mocha
  13. - feed
  14. - data
  15. xss_dangerous_tags:
  16. - applet
  17. - meta
  18. - xml
  19. - blink
  20. - link
  21. - style
  22. - script
  23. - embed
  24. - object
  25. - iframe
  26. - frame
  27. - frameset
  28. - ilayer
  29. - layer
  30. - bgsound
  31. - title
  32. - base
  33. uploads_dangerous_extensions:
  34. - php
  35. - php2
  36. - php3
  37. - php4
  38. - php5
  39. - phar
  40. - phtml
  41. - html
  42. - htm
  43. - shtml
  44. - shtm
  45. - js
  46. - exe
  47. sanitize_svg: true