StripScript

Set StripScript to True to remove script tags and other executable code from input HTML documents. When you also set NoACI to True in the View action, IDOL View Component adds HTTP headers to the output to prevent Web browsers from running any scripts embedded in the HTML. You can use the ContentSecurityPolicy configuration parameter to modify the headers that View adds.

NOTE: Setting StripScript to True can significantly reduce the speed of the View action.

The StripScript parameter removes many known forms of script and code. However, for more complete security, Micro Focus recommends that you use a Web Application Firewall (WAF) with the View component.

You can use the StripScript parameter in the [Viewing] section of the configuration file to specify the default.

Actions: View
Type: Boolean
Default: False
Example: StripScript=True
See Also: ContentSecurityPolicy configuration parameter
StripScript configuration parameter