HTMLDocument.ConversionSafety(3kaya)
NAME
HTMLDocument::ConversionSafety - The conversion safety level for
String->HTML conversion
SYNOPSIS
HTMLDocument::ConversionSafety< > = Safe() | Unsafe() | VeryUnsafe()
DESCRIPTION
- If you are using the InlineOnly or AllElements option for HTMLDocument.WhiteList (3kaya) you can choose various sets of elements and
attributes to allow.
- - Safe - a very restricted set of elements and attributes is allowed. Hyperlinks, images, forms, scripting, inline styles and so on are not allowed.
- - Unsafe - As Safe , but hyperlinks, images and client-side scripting are allowed. Some cross-site scripting is possible as a result.
- - VeryUnsafe - As Unsafe , but form controls are also allowed. This allows some potentially very nasty cross-site scripting attacks to be carried out with ease if an attacker is able to influence the String being converted, so use this with extreme caution.
None of these allow the direct addition of <script> elements or the onX event handlers.
AUTHORS
Kaya standard library by Edwin Brady, Chris Morris and others
(kaya@kayalang.org). For further information see http://kayalang.org/
LICENSE
The Kaya standard library is free software; you can redistribute it
and/or modify it under the terms of the GNU Lesser General Public
License (version 2.1 or any later version) as published by the Free
Software Foundation.
RELATED
- HTMLDocument.WhiteList (3kaya) HTMLDocument.readFromString (3kaya)