About Rich Text Content Policies

To prevent Cross Site Scripting (XSS) issues arising from rich text content entered by agents, customers, and authors in chat messages and knowledge articles, the application enforces a default content policy that specifies which HTML and CSS elements and attributes are allowed. Application security administrators can modify the content policy to meet their requirements. Administrators can modify the content policy for each of the following:

  • Chat messages sent by agents to customers

  • Chat messages sent by customers to agents

  • Content of standard and secure incoming emails

  • Content of standard and secure outgoing emails

  • Knowledge article content created by authors

  • Knowledge article content submitted by customers

  • Incoming social media content

  • Outgoing social media content

The content policy is an XML file that outlines the rules to be followed while parsing the content. It primarily addresses three things:

  • What HTML tags should be allowed?

  • What attributes of these HTML tags should be allowed?

  • What values of these attributes should be allowed?

When the rich text content policies have been enabled, the application can begin validating and sanitizing user-submitted content.

  • Input validation: If the content violates the defined policy, the entire content is rejected and the user is shown an error message saying so. Validation is applied to:

    • Customer to Agent Chat Data (Using Chat - Customer Policy)

    • Agent to Customer Chat Data (Using Chat - Agent Policy)

  • Input sanitization: If the content violates the defined policy, the attributes that violate the policy are stripped and the sanitized content is saved in the application. Users are not shown errors during sanitization. Sanitization is applied to:

    • Note Content (Using Default Policy)

    • Internal Messaging – Body Content (Using Default Policy)

    • Content created in application (Using Knowledge - Author Policy)
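The two enforcement modes above, as an added example that is not eGain's code: a small Python filter that reads a constructed policy (tags, their allowed attributes, and a value pattern per attribute) from an XML layout assumed here for illustration, not the product's real policy schema, and applies it either as validation (whole content rejected) or sanitization (offending tags and attributes stripped).

```python
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

# Constructed sample policy in a hypothetical XML layout (assumption, not eGain's schema):
# allowed tags, their allowed attributes, and a regex each attribute value must match.
POLICY_XML = """<policy>
  <tag name="p"/><tag name="b"/><tag name="i"/>
  <tag name="a"><attribute name="href" pattern="^https?://\\S+$"/></tag>
</policy>"""


def load_policy(xml_text):
    """Return {tag: {attribute: compiled regex}} from the policy XML."""
    policy = {}
    for tag in ET.fromstring(xml_text).findall("tag"):
        policy[tag.get("name")] = {
            a.get("name"): re.compile(a.get("pattern", ".*"))
            for a in tag.findall("attribute")
        }
    return policy


class PolicyFilter(HTMLParser):
    """Rebuilds the fragment while recording every tag, attribute or value that violates the policy."""

    def __init__(self, policy):
        super().__init__()
        self.policy, self.out, self.violations = policy, [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.policy:  # disallowed tag: drop the tag, keep its (escaped) text
            self.violations.append(f"tag <{tag}>")
            return
        kept = []
        for name, value in attrs:
            rule = self.policy[tag].get(name)
            if rule is None or not rule.fullmatch(value or ""):
                self.violations.append(f"{tag}@{name}={value!r}")
                continue  # attribute (or its value) not allowed: stripped
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.policy:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always re-escaped, never passed through raw


def apply_policy(fragment, policy, mode):
    """mode='validate': reject the whole content on any violation (chat policies).
    mode='sanitize': strip offending tags/attributes silently (note/knowledge policies)."""
    f = PolicyFilter(policy)
    f.feed(fragment)
    f.close()
    if mode == "validate" and f.violations:
        return None, f.violations
    return "".join(f.out), f.violations
```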

Content policies can also be adjusted to allow only plain text. To learn how, see the Using a Plain Text Policy section of Configuring the Rich Text Content Policy File.

Rich text policy

Rich text articles can be authored for use by agents to respond to incoming Apple Messages for Business, SMS, and WhatsApp activities and to send custom messages. These articles must be authored in the Knowledge Console. For more information about authoring rich text articles, see the eGain Author's Guide to Knowledge Console.
