URL protocol rules (whitelists)
Whitelist active content for IBM Connections based on the protocol specified within URLs.
The URL protocol rules specify which protocols are allowed within the HTML source code of
uploaded content. URL protocols appear within a variety elements, such as:
- The
href
attribute in<a>
and<area>
tags - The
src
attribute in<iframe>, <img>, <audio>
, and<video>
tags - The
cite
atttribute in<q>
tags
The following protocols are allowed by default: http
, https
,
mailto
, ftp
, and tel
.
The following rules can be used to tailor the allowed protocols to your needs; these rules can be used in conjunction with one another.
- allowStandardUrlProtocols
- Allows URLs containing any of the following (default) protocols:
http
https
mailto
ftp
tel
Usage:<allowStandardUrlProtocols enabled="true" />
To allow a different set of URL protocols, apply the allowUrlProtocols rule instead.
- allowUrlProtocols
- Allows URLs containing only protocols that you specify with this rule. Use this rule when you
only want to whitelist a small set of URL protocols. This rule can be used in conjunction with
AllowStandardUrlProtocols.Usage
<allowUrlProtocols> <protocol name="ftp" /> <protocol name="tel" /> <protocol name="notes" /> <protocol name="file" /> </allowUrlProtocols>
- disallowUrlProtocols
- Allows you to reverse an earlier "allow"
rule.Usage:
<disallowUrlProtocols> <protocol name="javascript" /> <protocol name="vbscript" /> </disallowUrlProtocols>