Use PPM AntiSamy
This section describes the AntiSamy feature in PPM. This feature gains wisdom from the OWASP AntiSamy project. Generally speaking, AntiSamy is an HTML, CSS, and JavaScript filter that sanitizes user input based on a policy file. For more information about OWASP AntiSamy project, see the web site of the Open Web Application Security Project. .
PPM AntiSamy makes sure user's HTML, CSS and JavaScript input strictly follows rules defined by the policy file antisamy-ppm.xml
. For example, if you enable the AntiSamy feature, you cannot open hyperlinks on request details page or project details page. This is because the hyperlink-kind input by default does not meet the rules defined by antisamy-ppm.xml
. To make hyperlinks accessible in PPM, you can configure the policy file as you demand.
Turn on and off the AntiSamy feature
You can turn on or off the AntiSamy feature by setting the server configuration parameter ENABLE_ANTISAMY
in the server.conf
file.
If you set the parameter to true
, your turn on the AntiSamy feature. User's HTML, CSS, and JavaScript input will be monitored by the policy file antisamy-ppm.xml
.
If you set the parameter to false
, you turn off the AntiSamy feature. User's HTML, CSS, and JavaScript input will not be monitored.
By default, the AntiSamy feature is enabled and we recommend that you keep the AntiSamy feature turned on.