URL protocol rules (whitelists)
Whitelist active content for HCL Connections™ based on the protocol specified within URLs.
The URL protocol rules specify which protocols are allowed within the HTML source code of
uploaded content. URL protocols appear within a variety elements, such as:
- The
href
attribute in<a>
and<area>
tags - The
src
attribute in<iframe>, <img>, <audio>
, and<video>
tags - The
cite
atttribute in<q>
tags
The following protocols are allowed by default: http
, https
,
mailto
, ftp
, and tel
.
The following rules can be used to tailor the allowed protocols to your needs; these rules can be used in conjunction with one another.
- allowStandardUrlProtocols
- Allows URLs containing any of the following (default) protocols:
http
https
mailto
ftp
tel
Usage:<allowStandardUrlProtocols enabled="true" />
To allow a different set of URL protocols, apply the allowUrlProtocols rule instead.
- allowUrlProtocols
- Allows URLs containing only protocols that you specify with this rule. Use this rule when you
only want to whitelist a small set of URL protocols. This rule can be used in conjunction with
AllowStandardUrlProtocols.Usage
<allowUrlProtocols> <protocol name="ftp" /> <protocol name="tel" /> <protocol name="notes" /> <protocol name="file" /> </allowUrlProtocols>
- disallowUrlProtocols
- Allows you to reverse an earlier "allow"
rule.Usage:
<disallowUrlProtocols> <protocol name="javascript" /> <protocol name="vbscript" /> </disallowUrlProtocols>