HTMLDocument.ConversionSafety(3kaya) Kaya module reference HTMLDocument.ConversionSafety(3kaya)

NAME

HTMLDocument::ConversionSafety - The conversion safety level for String->HTML conversion

SYNOPSIS

HTMLDocument::ConversionSafety< >
= Safe()
| Unsafe()
| VeryUnsafe()

DESCRIPTION

If you are using the InlineOnly or AllElements option for HTMLDocument.WhiteList (3kaya) you can choose various sets of elements and attributes to allow.
- Safe - a very restricted set of elements and attributes is allowed. Hyperlinks, images, forms, scripting, inline styles and so on are not allowed.
- Unsafe - As Safe, but hyperlinks, images and client-side scripting are allowed. Some cross-site scripting is possible as a result.
- VeryUnsafe - As Unsafe, but form controls are also allowed. This allows some potentially very nasty cross-site scripting attacks to be carried out with ease if an attacker is able to influence the String being converted, so use this with extreme caution.

None of these allow the direct addition of <script> elements or the onX event handlers.
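
The three levels can be pictured as nested allowlists. The following Python model is an added example, not Kaya code and not the library's implementation; the element and attribute sets, `convert` and `SAMPLE` are assumptions, since this page names only categories.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists: the page names categories only; these sets are illustrative.
SAFE = {"p": set(), "em": set(), "strong": set(), "code": set(), "br": set()}
UNSAFE = {**SAFE, "a": {"href", "title"}, "img": {"src", "alt"}}
VERY_UNSAFE = {**UNSAFE, "form": {"action", "method"}, "input": {"type", "name"}}
LEVELS = {"Safe": SAFE, "Unsafe": UNSAFE, "VeryUnsafe": VERY_UNSAFE}
VOID = {"br", "img", "input"}            # elements that take no closing tag
DROP_WITH_CONTENT = {"script", "style"}  # never emitted, body discarded too
# Constructed sample input.
SAMPLE = ('<p onclick="x()">Hi <a href="https://example.org/" onmouseover="y()">'
          'link</a><script>z()</script><input name="q"></p>')

class _Filter(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.open, self.skip = allowed, [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in self.allowed:
            # Attribute allowlist; on* handlers are in no list, so always dropped.
            kept = "".join(f' {k}="{escape(v or "")}"'
                           for k, v in attrs if k in self.allowed[tag])
            self.out.append(f"<{tag}{kept}>")
            if tag not in VOID:
                self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open:
            while self.open:             # close back to the matching open tag
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        self.out.append("" if self.skip else escape(data, quote=False))

def convert(text, level):
    f = _Filter(LEVELS[level])
    f.feed(text)
    f.close()
    return "".join(f.out) + "".join(f"</{t}>" for t in reversed(f.open))
```

At the Unsafe and VeryUnsafe levels this model passes `href`, `src` and `action` values through unchecked, so validating URL schemes remains the caller's job.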

AUTHORS

Kaya standard library by Edwin Brady, Chris Morris and others (kaya@kayalang.org). For further information see http://kayalang.org/

LICENSE

The Kaya standard library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License (version 2.1 or any later version) as published by the Free Software Foundation.

RELATED

HTMLDocument.WhiteList (3kaya)
HTMLDocument.readFromString (3kaya)
August 2014 Kaya