Configuring the Rich Text Content Policy File
The policy XML file has four notable sections:
-
Common Regular Expressions: In this section, the regular expressions that can be used in the rest of the policy file are defined between the <common-regexps> tags.
-
Common Attributes: In this section, the attributes that can be used while specifying the tag-rules are defined between the <common-attributes> tags.
-
Tag Rules: In this section, the parsing rules that will be used for each tag individually are defined between the <tag-rules> tags.
-
CSS Rules: In this section, the parsing rules that will be used for each CSS property individually are defined between the <css-rules> tags.
Once you have exported the desired policy file from the application to your local directory, you can begin making edits to the XML file.
Adding a Common Regular Expression
To create a common regular expression:
-
Create an alias in the Common Regular Expressions section. For example, to add the common regular expression (\d)+, make the following entry:
<common-regexps>
<regexp name=”number” value=”(\d)+”/>
</common-regexps>
Here “number” has been used as the alias for the regular expression.
Allowing a New Tag
To allow a new tag:
-
A new tag rule corresponding to this tag must be added in the Tag Rules section. For example, to allow the <span> tag, make the following entry:
<tag-rules>
<tag name=”span” action=”validate”/>
</tag-rules>
Here, action=”validate” ensures that the attributes of the tag follow the rules outlined for them.
Allowing a New Attribute for a Tag
To allow a new attribute for a tag:
-
The attribute must be added to the corresponding tag rule in the Tag Rules section. For example, to allow attribute dir for the <span> tag, make the following entry:
<tag name=”span” action=”validate”>
<attribute name=”dir”/>
</tag>
Adding a Rule for an Attribute Value
There are two ways for adding a rule for an attribute value:
-
Adding a list of literal values
-
Adding a list of regular expressions
To specify both literal values as well as regular expressions for attribute values, you can use a combination of both.
To add a list of literal values:
-
If you want to allow fixed values for an attribute, you need to specify a list of literal values. For example, to allow values ltr and rtl for attribute dir of the <span> tag, the following entry is made:
<tag name=”span” action=”validate”>
<attribute name=”dir” >
<literal-list>
<literal value=”ltr”/>
<literal value=”rtl”/>
</literal-list>
</attribute>
</tag>
To add a list of regular expressions:
-
An example of adding a list of regular expressions is to allow values that are represented by the regular expression, such as (\d)+(px) and the common regular expression number, for the attribute width of the tag <img>. To do so, the following entry is made:
<tag name=”img” action=”validate”>
<attribute name=”width” >
<regexp-list>
<regexp value=”(\d)+(px)”/>
<regexp name=”number”/>
</regexp -list>
</attribute>
</tag>
Adding Validation for Attributes
To add validation for attributes:
-
Certain tags and attributes can be blocked by the sanitizer by default and require validation. The following entry is an example of a change that is made in the Common Attributes section to add validation.
<attribute name="start">
<regexp-list>
<regexp name="number"/>
</regexp-list>
</attribute>
Allowing a New CSS Property
To allow a new CSS property:
-
A new CSS rule corresponding to this property can be added in the CSS Rules section. For example, to allow the CSS property width, the following entry is made:
<css-rules>
<property name=”width”/>
</css-rules>
Adding a Rule for a CSS Property Value
There are two ways for adding a rule for a CSS property value:
-
Adding a list of literal values
-
Adding a list of regular expressions
To specify both literal values as well as regular expressions for CSS property values, you can use a combination of both.
To add a list of literal values:
-
If you want to allow fixed values for a CSS property, you must specify a list of literal values. For example, to allow values auto and inherit for the CSS property width, the following entry is made:
<property name=”width”>
<literal-list>
<literal value=”auto”/>
<literal value=”inherit”/>
</literal-list>
</property>
To add a list of regular expressions:
-
An example of adding a list of regular expressions is to allow values that are represented by the regular expression (\d)+(px) and the common regular expression number for the CSS property width, the following entry is made:
<property name=”width”>
<regexp-list>
<regexp value=”(\d)+(px)”/>
<regexp name=”number”/>
</regexp-list>
</property>
Allowing Links in the Source Attribute of an iframe Tag
To allow links in the source attribute of an iframe tag:
-
Make the following entry in the XML file:
<tag name=”iframe” action=”validate”>
<attribute name=”src”>
<regexp-list>
<regexp value=”((http(s:|:))?)((//)?)((www.)?)(externaldomain/)((.)*)”/>
</regexp-list>
</attribute>
</tag>
To allow links from w3schools, for instance, simply replace externaldomain with w3schools.com.
Using a Plain Text Policy
To ensure that content of your customers, authors, and agents only use plain text, there is a simple change you can make to the policy.
To allow plain text content only:
-
Import a policy file with only the following content:
<?xml version=”1.0” encoding=”ISO-8859-1” ?>
<anti-samy-rules xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”xsi:noNamespaceSchemaLocation=”antisamy.xsd”>
</anti-samy-rules>
Allowing File Protocols in the Article Content
To use file protocols in the content of a knowledge article, you can make certain changes to the policy.
To allow m-files protocol in the article content:
-
Make the following entries in the XML file:
-
<common-regexps>
......
<regexp name="mfilesURL" value="(\s)(m-files://)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&";\-_~,'\?=/!\(\)\s](\s)*"/>
</common-regexps> -
<common-attributes>
<attribute name="href">
<regexp-list>
.......
<regexp name="mfilesURL"/>
</regexp-list>
</attribute>
</common-attributes> -
<anti-samy-rules>
......
<allowed-protocols value="http, https, ftp, ftps, mailto, news, file, notes, tel, sms, data, m-files"/>
</anti-samy-rules>
-
Related Topics