About Rich Text Content Policies

To prevent Cross Site Scripting (XSS) issues arising from rich text content entered by customers and authors in chat messages and knowledge articles, the application enforces a default content policy that defines the allowed HTML and CSS elements and attributes. Application security administrators can modify the content policy to meet their requirements. Administrators can modify the content policy for each of the following:

  • Knowledge article content created by authors

  • Knowledge article content submitted by customers

The content policy is an XML file that outlines the rules to be followed while parsing the content. It primarily addresses three things:

  • What HTML tags should be allowed?

  • What attributes of these HTML tags should be allowed?

  • What values of these attributes should be allowed?

When the rich text content policies have been enabled, the application can begin sanitizing user content.

  • Input sanitization: If the content violates the defined policy, the attributes that violate the policy are stripped and the sanitized content is saved in the application. Users are not shown errors during sanitization. Sanitization is applied to:

    • Content created in the application (using the Knowledge - Author Policy)
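The following is an added illustration of the allowlist model the policy describes (allowed tags, allowed attributes per tag, allowed attribute values), not the application's own policy engine or its XML format: the policy is represented as a constructed Python dictionary, disallowed attributes are stripped silently, and the stripped (tag, attribute) pairs are returned so a defender can log what the policy rejected.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample policy (assumption, not the product's XML schema):
# tag -> {attribute name: regex the attribute value must match}
POLICY = {
    "p": {},
    "b": {},
    "a": {"href": re.compile(r"^https?://", re.I)},
    "img": {"src": re.compile(r"^https://", re.I), "alt": re.compile(r"^[\w .-]*$")},
}
VOID_TAGS = {"img", "br"}
DROP_WITH_BODY = {"script", "style"}  # tag and its text are both removed


class PolicySanitizer(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)  # data/attrs arrive unescaped
        self.policy, self.out, self.dropped, self.skip = policy, [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self.skip += 1
            return
        if tag not in self.policy:          # unknown tag: drop tag, keep text
            self.dropped.append((tag, None))
            return
        kept = []
        for name, value in attrs:
            rule = self.policy[tag].get(name)
            if rule is None or value is None or not rule.match(value.strip()):
                self.dropped.append((tag, name))  # attribute violates policy
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip = max(0, self.skip - 1)
        elif tag in self.policy and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:                   # re-escape text so it stays text
            self.out.append(escape(data, quote=False))


def sanitize(html, policy=POLICY):
    """Return (sanitized_html, list of (tag, attr) pairs that were stripped)."""
    s = PolicySanitizer(policy)
    s.feed(html)
    s.close()
    return "".join(s.out), s.dropped
```

Passing an empty policy dictionary strips every tag and leaves only escaped text, which is the plain-text behaviour in miniature.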

Content policies can also be adjusted to allow only plain text. To learn how, see the Using a Plain Text Policy section of Configuring the Rich Text Content Policy File.

Rich text policy
