NAME¶
HTMLDocument::ConversionSafety - The conversion safety level for String->HTML
conversion
SYNOPSIS¶
HTMLDocument::ConversionSafety< >
-
- = Safe()
-
- | Unsafe()
-
- | VeryUnsafe()
DESCRIPTION¶
If you are using the
InlineOnly or
AllElements option for
HTMLDocument.WhiteList (3kaya) you can choose various sets of elements
and attributes to allow.
-
- - Safe - a very restricted set of elements and attributes is
allowed. Hyperlinks, images, forms, scripting, inline styles and so on are
not allowed.
-
- - Unsafe - As Safe , but hyperlinks, images and
client-side scripting are allowed. Some cross-site scripting is possible
as a result.
-
- - VeryUnsafe - As Unsafe , but form controls are also
allowed. This allows some potentially very nasty cross-site scripting
attacks to be carried out with ease if an attacker is able to influence
the String being converted, so use this with extreme caution.
None of these allow the direct addition of <script> elements or the
onX
event handlers.
AUTHORS¶
Kaya standard library by Edwin Brady, Chris Morris and others
(kaya@kayalang.org). For further information see
http://kayalang.org/
LICENSE¶
The Kaya standard library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public License (version
2.1 or any later version) as published by the Free Software Foundation.
HTMLDocument.WhiteList (3kaya)
HTMLDocument.readFromString (3kaya)