NAME¶
HTMLDocument::ConversionSafety - The conversion safety level for String->HTML
conversion
SYNOPSIS¶
HTMLDocument::ConversionSafety< >
-
- = Safe()
-
- | Unsafe()
-
- | VeryUnsafe()
DESCRIPTION¶
If you are using the
InlineOnly or
AllElements option for
HTMLDocument.WhiteList (3kaya) you can choose various sets of elements
and attributes to allow.
-
- - Safe - a very restricted set of elements and
attributes is allowed. Hyperlinks, images, forms, scripting, inline styles
and so on are not allowed.
-
- - Unsafe - As Safe , but hyperlinks, images
and client-side scripting are allowed. Some cross-site scripting is
possible as a result.
-
- - VeryUnsafe - As Unsafe , but form
controls are also allowed. This allows some potentially very nasty
cross-site scripting attacks to be carried out with ease if an attacker is
able to influence the String being converted, so use this with extreme
caution.
None of these allow the direct addition of <script> elements or the
onX
event handlers.
AUTHORS¶
Kaya standard library by Edwin Brady, Chris Morris and others
(kaya@kayalang.org). For further information see
http://kayalang.org/
LICENSE¶
The Kaya standard library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public License (version
2.1 or any later version) as published by the Free Software Foundation.
HTMLDocument.WhiteList (3kaya)
HTMLDocument.readFromString (3kaya)