StripScript
Set StripScript
to True
to remove script tags and other executable code from input HTML documents. When you also set NoACI to True
in the View action, IDOL View Component adds HTTP headers to the output to prevent Web browsers from running any scripts embedded in the HTML. You can use the ContentSecurityPolicy configuration parameter to modify the headers that View adds.
NOTE: Setting StripScript
to True
can significantly reduce the speed of the View action.
The StripScript
parameter removes many known forms of script and code. However, for more complete security, Micro Focus recommends that you use a Web Application Firewall (WAF) with the View component.
You can use the StripScript parameter in the [Viewing]
section of the configuration file to specify the default.
Actions: | View |
Type: | Boolean |
Default: | False |
Example: | StripScript=True
|
See Also: | ContentSecurityPolicy configuration parameter
StripScript configuration parameter |