And attributes – Apple Mac OS X Server (Extending Your Wiki Server For Version 10.5 Leopard) User Manual
Page 30
30
This chapter describes how to enable specific protocols, CSS
styles, and HTML tags and attributes.
The default wiki server setup simplifies administration by automatically removing
potentially harmful protocols, CSS styles, and HTML tags and attributes. The wiki server
is capable of allowing all protocols, CSS styles, and HTML tags and attributes.
The wiki server uses two whitelist files (a built-in whitelist and a custom whitelist) to
determine allowed protocols, CSS styles, and HTML tags and attributes. Elements that
appear in either of these whitelists are allowed, and all other elements are disallowed.
The built-in whitelist includes common, usually harmless, elements. It doesn’t include
potentially harmful tags like embed, param, object, and script. To embed Flash or
YouTube in your site, you’ll need to include some of these tags. If you create a custom
whitelist, you can allow these elements, along with new styles (such as font-size) and
protocols (such as irc and scp).
These whitelists affect all wikis on the server.
WARNING:
Some protocols, HTML tags and attributes can compromise your
server’s security and integrity, or harm users who connect to your server. Make
sure you understand the implications of whatever you enable. For example,
allowing JavaScript introduces security vulnerabilities such as cross-site scripting.
For information about cross-site scripting, see
.
2
Allowing Specific Protocols,
CSS Styles, and HTML Tags
and Attributes