Using PPM AntiSamy

This section describes the AntiSamy feature in PPM. The feature is based on the OWASP AntiSamy project. Generally speaking, AntiSamy is an HTML, CSS, and JavaScript filter that sanitizes user input based on a policy file: markup the policy allows is kept, and everything else (for example script tags and event-handler attributes) is removed before the input is rendered to other users. For more information about the OWASP AntiSamy project, see https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project.

PPM AntiSamy ensures that the HTML, CSS, and JavaScript entered by users strictly follow the rules defined in the policy file antisamy-ppm.xml; input that does not meet those rules is filtered out. For example, with the AntiSamy feature enabled you cannot open hyperlinks on the request details page or the project details page, because hyperlink markup entered by users does not, by default, meet the rules defined in antisamy-ppm.xml and is therefore removed. To make hyperlinks usable in PPM, edit the policy file to allow them. Keep in mind that every tag or attribute you add to the policy is markup an untrusted user can then inject, so allow only what is needed and constrain attribute values such as href to safe URL forms.
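The fragment below, written in the standard OWASP AntiSamy policy syntax, shows what such a change looks like. It is an added illustration, not the contents of the shipped antisamy-ppm.xml: the regular expressions, the tag and attribute rules, and the other sections they belong in are assumed here, and the real file will differ. It contrasts a weak href rule that would let a javascript: URL through with a hardened rule that only admits relative paths, http(s) and mailto links.

```xml
<!-- Illustrative AntiSamy policy fragment (added example, not PPM's own file).
     Only the sections relevant to hyperlinks are shown; a real policy also
     carries common-attributes, global-tag-attributes and css-rules sections. -->
<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:noNamespaceSchemaLocation="antisamy.xsd">

  <common-regexps>
    <!-- Relative URL: no scheme separator is allowed in the character class, so
         "javascript:alert(1)" and "data:text/html,..." never match. The leading
         lookaheads reject protocol-relative "//host" links and the HTML5 entity
         "&colon;" that a browser would decode back into ":" after sanitizing. -->
    <regexp name="onsiteURL"
            value="^(?!//)(?!.*&amp;colon)[\p{L}\p{N}\.#@\$%\+&amp;;\-_~,\?=/!]*$"/>
    <!-- Absolute URL: the scheme is fixed to http, https or mailto. -->
    <regexp name="offsiteURL"
            value="^\s*(https?://|mailto:)[\p{L}\p{N}][\p{L}\p{N}\-_\.@#\$%&amp;;:,\?=/\+!\(\)~]*\s*$"/>
  </common-regexps>

  <tag-rules>
    <!-- WEAK (do not use): ".*" accepts any href, including javascript: URLs,
         so enabling hyperlinks this way reopens the XSS vector the feature closes.
    <tag name="a" action="validate">
      <attribute name="href">
        <regexp-list><regexp value=".*"/></regexp-list>
      </attribute>
    </tag>
    -->

    <!-- HARDENED: href must match one of the scheme-restricted patterns above.
         onInvalid="filterTag" drops the whole <a> element (keeping its text) when
         the URL fails, instead of leaving an empty link behind. Attributes not
         listed here (onclick, onmouseover, style, target, ...) are stripped,
         because action="validate" keeps only the attributes the rule names. -->
    <tag name="a" action="validate">
      <attribute name="href" onInvalid="filterTag">
        <regexp-list>
          <regexp name="onsiteURL"/>
          <regexp name="offsiteURL"/>
        </regexp-list>
      </attribute>
      <attribute name="rel">
        <literal-list>
          <literal value="nofollow"/>
          <literal value="noopener"/>
          <literal value="noopener noreferrer"/>
        </literal-list>
      </attribute>
    </tag>

    <!-- Script is removed outright; AntiSamy also drops any tag with no rule. -->
    <tag name="script" action="remove"/>
  </tag-rules>

</anti-samy-rules>
```

With the hardened rule, `<a href="https://example.com/x">link</a>` and `<a href="/requests/1">link</a>` survive, while `<a href="javascript:alert(1)">link</a>` is reduced to the text "link" and `<a onclick="..." href="/x">` loses its onclick attribute. The scheme match is case-sensitive, so an `HTTPS://` link is also dropped; relax that deliberately if your users need it.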

Enabling/Disabling the AntiSamy Feature

You can enable or disable the AntiSamy feature by setting the server configuration parameter ENABLE_ANTISAMY in the server.conf file.

If you set the parameter to true, you enable the AntiSamy feature. The HTML, CSS, and JavaScript entered by users is filtered according to the policy file antisamy-ppm.xml.

If you set the parameter to false, you disable the AntiSamy feature. The HTML, CSS, and JavaScript entered by users is not filtered, so any markup a user enters is kept as is.

By default, the AntiSamy feature is enabled. We recommend that you keep it enabled; disabling it removes this sanitization layer entirely rather than loosening it, so if a particular kind of input is being blocked, adjust the policy file instead of turning the feature off.