Versions Compared

Old Version 3

changes.mady.by.user Kartik Verma (Deactivated)

Saved on

compared with

New Version 4

changes.mady.by.user Kartik Verma (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Table of Contents

Summary

In order to enhance security while using HTML Include Replace, a configuration page has been implemented which provides the Administrator with control over the accessibility of the Macro.

Fields

FieldDescription
Exclude scriptsThis is the global setting for disabling Scripting to be used by the Macro. By setting this field checked, it will result in exclusion of scripts within the URL provided.
Custom error message

custom error message is encountered explicitly when the user is accessing a non-white-listed URL. The purpose of this is to provide information as to whom to contact/reason for the error. 

Important: Default message will be used when accessing the configure screen first time or when the field value is not provided.

Default message: xhtml+html-include-replace; The URL specified is not whitelisted. Please speak to a system administrator.

Full URLThis is where the URL is specified.
Plain or RegexWhile specifying the URL, you have to select either Plain or Regex type.
Sort by

Allows you to sort the list by the following criteria:

  • A to Z
  • Z to A
  • Ascending ID
  • Descending ID

Example 1

I want to access the http://localhost URL by White listing it and disable scripting to enhance security. If the user tries to access a non-white-listed URL, I want to display my custom error message.

...

Console output once the Exclude Scripts is set to False under Preview mode:

Example 2

Accessing a non-white-listed URL:

WhiteListed URLs and Macro:

Image AddedImage Added