Configuring legacy active content filters (legacy ACF)
HCL Connections™ legacy active content filtering (legacy ACF) uses rules that allow you to block specific content (a blacklist mechanism). Although the new mechanism to whitelist allowed active content (introduced in V6.0 CR1) is considered to be more secure, you can still use the legacy mechanism to blacklist content.
Before you begin
To edit configuration files, you must use the wsadmin client. See Starting the wsadmin client for details.
About this task
The active content filtering configuration files are shipped with Connections and are stored in the LotusConnections-config\extern directory. To change the level of filtering that is performed by the active content filter, replace the default configuration file with one of the configuration files.
Default legacy ACF processing for Activities, Communities and Bookmarks
- JavaScript coding is stripped from all posts and pages.
- Content formatting is allowed within rich text fields, and HTML styles can be added.
- Flash animations are permitted.
You can use the following configuration files to filter, or blacklist, content for Blogs, Wikis, and Forums:
- acf-config-nf.xml
- Allows style changes, but strips forms and Flash animations. The types of forms that are not allowed are form HTML elements. Form HTML elements are used to add things like buttons or fields to a web page.
- acf-config-nf-ns.xml
- Prevents style changes and strips forms and Flash animations.
- acf-config-nm.xml
- Prevents users from changing the margins on images. By default, these applications permit image margin changes.
- acf-config-ns.xml
- Allows forms, but strips style changes and Flash animations. Preventing style changes affects rich text fields. If you configure the active content filter to prevent style changes, then users will not be able to perform the common tasks associated with changing the style of rich text content, such as changing the font color, margins, and so on.
Default legacy ACF processing for Activities, Communities and Bookmarks
- Content formatting is allowed within rich text fields, but HTML styles cannot be added.
- JavaScript coding is stripped from all entries.
- Flash animations are not permitted.
You can use the following configuration files to filter, or blacklist, content for Activities, Communities, and Bookmarks:
- acf-config.xml
- Allows style changes, allows forms, but removes Flash animations.
- acf-config-nf.xml
- Allows style changes, but strips forms and removes Flash animations. The types of forms that are not allowed are form HTML elements. Form HTML elements are used to add things like buttons or fields to a web page.
- acf-config-ns.xml
- Allows forms, but strips style changes and removes Flash animations. Preventing style changes affects rich text fields. If you configure the active content filter to prevent style changes, then users will not be able to perform the common tasks associated with changing the style of rich text content, such as changing the font color, margins, and so on.
- acf-config-nf-ns.xml
- Prevents style changes and strips forms and removes Flash animations.
- acf-config-flash.xml
- Allows style changes, allows forms, and allows Flash animations.
- acf-config-nf-flash.xml
- Allows style changes and Flash animations, but strips forms. This file is the default file used by Blogs, Wikis, and Forums.
- acf-config-ns-flash.xml
- Allows forms and Flash animations, but strips style changes.
- acf-config-nf-ns-flash.xml
- Allows Flash animations, but strips style changes and forms.
- acf-config-nm.xml
- Prevents users from changing the margins on images and strips Flash animations.
- acf-config-nm-flash.xml
- Allows Flash animations, but prevents users from changing the margins on images.
Procedure
-
Edit the LotusConnections-config.xml file.
Important: Leave the wsadmin session open so you can check in the updated file.
- Synchronize the nodes using the Integrated Solutions Console for the network deployment system.
- Restart the WebSphere® Application Server.