
And attributes – Apple Mac OS X Server (Extending Your Wiki Server For Version 10.5 Leopard) User Manual


This chapter describes how to enable specific protocols, CSS styles, and HTML tags and attributes.

The default wiki server setup simplifies administration by automatically removing
potentially harmful protocols, CSS styles, and HTML tags and attributes. The wiki server
is capable of allowing all protocols, CSS styles, and HTML tags and attributes.

The wiki server uses two whitelist files (a built-in whitelist and a custom whitelist) to
determine allowed protocols, CSS styles, and HTML tags and attributes. Elements that
appear in either of these whitelists are allowed, and all other elements are disallowed.

The built-in whitelist includes common, usually harmless, elements. It doesn’t include
potentially harmful tags like embed, param, object, and script. To embed Flash or
YouTube in your site, you’ll need to include some of these tags. If you create a custom
whitelist, you can allow these elements, along with new styles (such as font-size) and
protocols (such as irc and scp).

These whitelists affect all wikis on the server.
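
The allow-if-in-either-whitelist rule described above, as an added Python example (not Apple's code and not the wiki server's implementation). The list contents and the names merge, WhitelistFilter and sanitize are assumptions made for illustration, and the sample markup in use is constructed.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed lists for illustration; not the wiki server's actual whitelist contents.
BUILT_IN = {"tags": {"p", "a", "b"}, "attrs": {"href", "style"},
            "protocols": {"http", "https", "mailto"}, "styles": {"color"}}
CUSTOM = {"tags": {"embed"}, "attrs": {"src"}, "protocols": {"irc", "scp"}, "styles": {"font-size"}}

def merge(built_in, custom):  # an element is allowed if either whitelist has it
    return {kind: built_in[kind] | custom.get(kind, set()) for kind in built_in}

class WhitelistFilter(HTMLParser):
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.out, self.skip = allowed, [], False

    def _url_ok(self, url):
        # Strip whitespace and control characters before reading the scheme.
        m = re.match(r"([a-z][a-z0-9+.-]*):", re.sub(r"[\x00-\x20]", "", url).lower())
        return m is None or m.group(1) in self.allowed["protocols"]

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed["tags"]:
            self.skip = tag in ("script", "style")  # also drop their text
            return
        kept = ""
        for name, value in attrs:
            value = (value or "").strip()
            if name not in self.allowed["attrs"] or (
                    name in ("href", "src") and not self._url_ok(value)):
                continue
            if name == "style":  # keep only whitelisted CSS properties
                value = "; ".join(d.strip() for d in value.split(";")
                                  if d.split(":")[0].strip().lower() in self.allowed["styles"])
            kept += f' {name}="{escape(value)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        self.skip = False
        self.out.append(f"</{tag}>" if tag in self.allowed["tags"] else "")

    def handle_data(self, data):
        self.out.append("" if self.skip else escape(data))

def sanitize(markup, allowed):
    parser = WhitelistFilter(allowed)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Calling sanitize with BUILT_IN alone and then with merge(BUILT_IN, CUSTOM) on the same markup shows which elements the custom list newly admits; script stays blocked in both cases because neither list names it.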

WARNING: Some protocols, HTML tags and attributes can compromise your server’s security and integrity, or harm users who connect to your server. Make sure you understand the implications of whatever you enable. For example, allowing JavaScript introduces security vulnerabilities such as cross-site scripting. For information about cross-site scripting, see http://en.wikipedia.org/wiki/Cross-site_scripting.

2 Allowing Specific Protocols, CSS Styles, and HTML Tags and Attributes