Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Summary

In order to enhance security while using HTML Include Replace, a configuration page has been implemented which provides the Administrator with control over the accessibility of the Macro.

Configuration Fields

FieldDescription
Exclude scriptsThis is the global setting for disabling Scripting to be used by the Macro. By setting this field checked, it will result in exclusion of scripts within the URL provided.
Custom error message

custom error message is encountered explicitly when the user is accessing a non-white-listed URL. The purpose of this is to provide information as to whom to contact/reason for the error. 

Important: Default message will be used when accessing the configure screen first time or when the field value is not provided.

Default message: xhtml+html-include-replace; The URL specified is not whitelisted. Please speak to a system administrator.

Full URLThis is where the URL is specified.
Plain or RegexWhile specifying the URL, you have to select either Plain or Regex type.
Sort by

Allows you to sort the list by the following criteria:

  • A to Z
  • Z to A
  • Ascending ID
  • Descending ID

Example 1

I want to access the http://localhost URL by White listing it and disable scripting to enhance security. If the user tries to access a non-white-listed URL, I want to display my custom error message.

Accessing localhost in browser (the URL contains 6 scripts in total as shown in the console):

Script Exclusion + Custom Error Message and White-listed URL has been set (Plain type):

Accessing localhost in the Macro:

Console output:

Even with Include Scripts set to true does not override the setting of Exclude Scripts (set to True) in the Configuration.

Console output once the Exclude Scripts is set to False under Preview mode:

Example 2

Accessing a non-white-listed URL:

WhiteListed URLs and Macro:



  • No labels