sys_sanitizeItemFields
The sys_sanitizeItemFields Input Transform can be configured on a Content Type to strip all or some HTML markup from a list of fields on the Content Type when content is created or updated. This is useful for hardening Content Editors: it prevents malicious users from inserting <script> or other HTML tags in fields that should allow only plain text.
Extension Parameters
Parameter | Data Type | Description |
fields | String | A comma-separated list of field names from the content type that should be sanitized for HTML input when they are saved. |
whitelist | String | Specifies the whitelist to use when sanitizing input. |
Configuring this input transform on all non-rich-text text fields on a Content Type is recommended to harden the content type editor against XSS attacks.
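
The following added example (not the product's own code) models in Python what a transform of this kind does to a content item on save: only the fields named in the comma-separated `fields` parameter are cleaned, and the `whitelist` parameter selects which tags survive. The whitelist names `none` and `basic`, their tag sets, and the function name `sanitize_item_fields` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical whitelist names and tag sets, constructed for this example;
# the product's real whitelist values are not listed on this page.
WHITELISTS = {
    "none": frozenset(),
    "basic": frozenset({"b", "i", "em", "strong", "br", "p"}),
}
DROP_CONTENT = {"script", "style"}  # discard the element body, not just the tag
VOID = {"br"}                       # no closing tag is emitted for these

class _Stripper(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.skip = allowed, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in self.allowed and not self.skip:
            self.out.append(f"<{tag}>")  # attributes (onclick, style, ...) are never copied

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.allowed and tag not in VOID and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # re-encode so "<" stays text

def sanitize_item_fields(item, fields, whitelist="none"):
    """Return a copy of item with only the listed fields sanitized."""
    allowed = WHITELISTS[whitelist]
    names = {f.strip() for f in fields.split(",") if f.strip()}
    clean = dict(item)
    for name in names.intersection(item):  # unlisted fields pass through unchanged
        parser = _Stripper(allowed)
        parser.feed(str(item[name]))
        parser.close()
        clean[name] = "".join(parser.out)
    return clean

# Constructed sample item: two plain-text fields and one rich-text field.
SAMPLE = {"title": "Q3 <script>alert(1)</script>report",
          "summary": '<b onclick="x()">Bold</b> & <a href="javascript:x">link</a>',
          "body": '<p>rich <a href="/x">text</a></p>'}
```

Leaving the rich-text `body` field out of `fields` keeps its markup intact, which is why the recommendation above targets only the non-rich-text fields.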