Usage Example
By default, the antisamy-ppm.xml file has the following tag rule:
<tag name="a" action="validate">
    <attribute name="href">
        <regexp-list>
            <regexp name="ppm-report-token"/>
        </regexp-list>
    </attribute>
</tag>
This means that if an end user enters a hyperlink in a field, the hyperlink cannot be opened from the PPM pages unless it conforms to the regular expression "ppm-report-token", which is defined in the policy file as follows:
<regexp value="\[\w+\.\S+\]" name="ppm-report-token"/>
If you want to open hyperlinks from PPM pages, you should delete or edit the regular expression in the above tag rule. For example, you can change the tag rule to either of the following:
Caution: The regular expression "ppm-report-token" mitigates most attack vectors such as XSS. If you delete this regular expression, some PPM pages will not be protected from XSS. We strongly recommend that you exercise caution when deleting or editing the regular expression.
<tag name="a" action="validate">
    <attribute name="href">
    </attribute>
</tag>
Or
<tag name="a" action="validate">
    <attribute name="href">
        <regexp-list>
            <regexp name="anything"/>
        </regexp-list>
    </attribute>
</tag>
where "anything" is defined as:
<regexp value=".*" name="anything"/>
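To see what each choice of regular expression lets through before editing the policy, the following added example (not part of the PPM documentation or product) reads a constructed policy fragment and checks constructed href values against the rule. It assumes the whole attribute value must match the pattern and that the definitions sit under a common-regexps element; the "http-only" pattern is a hypothetical narrower alternative, not a PPM default.

```python
import re
import xml.etree.ElementTree as ET

# Constructed policy fragment. "ppm-report-token" and "anything" are the
# definitions quoted on this page; "http-only" is a hypothetical, narrower
# alternative added for comparison. The surrounding element layout is assumed.
POLICY = r"""
<anti-samy-rules>
  <common-regexps>
    <regexp name="ppm-report-token" value="\[\w+\.\S+\]"/>
    <regexp name="anything" value=".*"/>
    <regexp name="http-only" value="https?://\S+"/>
  </common-regexps>
  <tag-rules>
    <tag name="a" action="validate">
      <attribute name="href">
        <regexp-list><regexp name="ppm-report-token"/></regexp-list>
      </attribute>
    </tag>
  </tag-rules>
</anti-samy-rules>
"""

# Constructed sample href values.
SAMPLES = ["[REQ.REQUEST_ID]", "https://example.com/report", "javascript:alert(1)"]

def load_regexps(root):
    """Map each named <regexp value=...> definition to a compiled pattern."""
    return {r.get("name"): re.compile(r.get("value"))
            for r in root.iter("regexp") if r.get("value") is not None}

def href_rule_names(root):
    """Regexp names referenced by the <tag name="a"> href attribute rule."""
    for tag in root.iter("tag"):
        if tag.get("name") == "a":
            for attr in tag.iter("attribute"):
                if attr.get("name") == "href":
                    return [r.get("name") for r in attr.iter("regexp")]
    return []

def accepted(policy_xml, hrefs, rule_names=None):
    """Return the hrefs the rule accepts; the whole value must match (assumed)."""
    root = ET.fromstring(policy_xml)
    patterns = load_regexps(root)
    names = rule_names if rule_names is not None else href_rule_names(root)
    return [h for h in hrefs if any(patterns[n].fullmatch(h) for n in names)]

if __name__ == "__main__":
    for names in (None, ["anything"], ["http-only"]):
        print(names or "policy default", "->", accepted(POLICY, SAMPLES, names))
```

With the "anything" pattern every sample passes, including the script-scheme value, which is the exposure the Caution describes.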