| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
- xss_whitelist: [admin.super] # Whitelist of user access that should 'skip' XSS checking
- xss_enabled:
- on_events: true
- invalid_protocols: true
- moz_binding: true
- html_inline_styles: true
- dangerous_tags: true
- xss_invalid_protocols:
- - javascript
- - livescript
- - vbscript
- - mocha
- - feed
- - data
- xss_dangerous_tags:
- - applet
- - meta
- - xml
- - blink
- - link
- - style
- - script
- - embed
- - object
- - iframe
- - frame
- - frameset
- - ilayer
- - layer
- - bgsound
- - title
- - base
- uploads_dangerous_extensions:
- - php
- - php2
- - php3
- - php4
- - php5
- - phar
- - phtml
- - html
- - htm
- - shtml
- - shtm
- - js
- - exe
- sanitize_svg: true
|
