encodeHtml Function Filter Data Input
5.9.3.2 Configuration Variable for ExtendedUserAttributes
The following configuration variable can be set in the Oracle Content Server system and is useful if you are working with default attributes: ■ DefaultAttributesCacheTimeoutInSeconds: Defines how long the default attribute cache remains active default = 600.5.9.4 Filter Data Input
The Oracle Content Server system can be customized to filter data input for illegal or corruptive HTML constructs by using the encodeHtml Idoc Script function and a filter hook to automatically scrub all input data for dangerous HTML constructions. The encodeHtml function can be applied to a specific string. The HtmlDataInputFilterLevel configuration variable can be used to apply a level of encoding to filter all data input to the Oracle Content Server system. This section covers the following topics: ■ Section 5.9.4.1, encodeHtml Function ■ Section 5.9.4.2, HtmlDataInputFilterLevel Configuration Variable5.9.4.1 encodeHtml Function
The encodeHtml Idoc function can be used to filter data input for illegal or corrupted HTML constructs. The output is an encoded string. The encodeHtml function is applied by default to the discussions in the Threaded Discussions component. The encodeHtml function is generally used at the exceptsafe or higher level of encoding because the HtmlDataInputFilterLevel configuration variable will already have been encoded as unsafe assuming it uses the default configuration. The encodeHtml function is defined as follows: encodeHtml string, rule, wordbreakrules ■ string : The string to encode. ■ rule : The rule to apply when encoding HTML constructs. The following values are allowed: – none: No conversion is done to HTML constructs. Managing Security and User Access 5-69 – unsafe: Only well-known unsafe script tags are encoded. The list includes: script, applet, object, html, body, head, form, input, select, option, textarea. – exceptsafe: Only well-known safe script tags are not encoded. The list includes: font, span, strong, p, b, i, br, a, img, hr, center, link, blockquote, bq, fn, note, tab, code, credit, del, dfn, em, h1, h2, h3, h4, h5, blink, s, small, sub, sup, tt, u, ins, kbd, q, person, samp, var, ul, li, math, over, left, right, text, above, below, bar, dot, ddot, hat, tilde, vec, sqrt, root, of, array, row, item. – lfexceptsafe: Recommended where extended comments are entered by a user and they want to preserve the line feed breaks of the original text. Similar to exceptsafe, however, line feed ASCII 10 characters are turned into HTML break tags br. Line feeds inside of HTML tags are not turned into break tags. The following script tags that are safe with exceptsafe are not safe with lfexceptsafe: br, p, ul, li. Except for the rule none, all the rules have special HTML comment handling. In particular, all HTML comments are allowed through the filter. However, when inside an HTML comment, all less than and greater than symbols are encoded. This does not apply to the HTML closing signature --. Also, if there is an unterminated comment, the encoding function appends the HTML comment close signature --. Additionally, except for the rule none, any attribute value located inside a tag has any parenthesis encoded to 28 for or 29 for . Otherwise, if any character is escaped it is escaped using the XML xxxx; type encoding. wordbreakrules : This is an optional parameter that specifies if long strings without space characters are to be broken up and what maximum word size to apply. Either the string wordbreak or nowordbreak can be specified. This parameter can be used with any of the encodeHtml rules. The default is to turn on wordbreak if the rule lfexceptsafe is specified, and to use a maxlinelength of 120 characters. The additional parameter maxlinelength=xxx can be used with the wordbreak parameter to specify a desired maximum line length. For example: encodeHtml exceptsafe, bad text, wordbreak, maxlinelength=80 The wordbreak functionality is only usable by the encodeHtml function because the function is used for display and not applied before the data is stored. For information about Idoc Script see the Oracle Fusion Middleware Idoc Script Reference Guide.5.9.4.2 HtmlDataInputFilterLevel Configuration Variable
Parts
» Oracle Fusion Middleware Online Documentation Library
» Understanding Oracle Universal Content Management and Oracle Content Server
» Utilities Management Pages Applications Command Line
» Administration Tray Admin Applets Page
» Modifying Server Configuration Parameters for Oracle Content Server
» Viewing Log Information for Oracle Content Server
» Starting Oracle Content Server with Scripts
» Restarting Oracle Content Server with Scripts
» Viewing MBean Information for Oracle Content Server Accessing Oracle Content Server With a Browser
» Click OK. Running a Standalone Application on a Windows System
» Delete Update About Batch Loading
» Optional Parameters About Batch Loading
» About Preparing a Batch Load File
» About Running the Batch Loader Batch Loading from the Command Line
» Using the IdcCommand Utility and Remote Access
» Example: Best Practice Case Study
» Log File Characteristics Accessing the Log Files
» Accessing the Content Server Analyzer Viewing the Analysis Progress and Results
» Configuration Information Environment Packager Configuration Debug Entry
» About System Properties Configuring System Properties
» Configuring Content Security Configuring Internet Information Configuring the Database
» About The Oracle Query Optimizer Component Query Optimization Process
» How Reformatted Queries Optimize Searches
» Types of Recognized Hints Query Hints Syntax
» Additional Supported Sort Constructs The Hint Rules Table Edit Hint Rules Form
» The Hint Cache Searching Content Using the Oracle Query Optimizer Component
» Enter the applicable information for the query and hints. Click Remove.
» Data Management Introduction to the File Store System
» DefaultFileStore Settings Empty Storage Rule
» Using Standard Oracle Content Server Variables
» Understanding FileStoreProvider Storage Principles
» PartitionList Table StorageRules Table
» PathMetaData Table PathConstruction Table
» FileSystemFileStoreAlgorithmFilters Table FileStoreProvider Resource Tables
» Example PathMetaData Table Options Configuration for Standard File Paths
» Configuration for a Webless or Optional Web Store
» Configuration for Database Storage Altered Path Construction and Algorithms
» Script Construction Mapping URLs with WebUrlMapPlugin
» Supported Variables for Referencing AddEdit URL Mapping Entries
» Info Update Form Dynamic Conversion CGI parameters
» Oracle Content Server Providers
» Choosing an Appropriate Provider
» Security Providers About Providers
» Changes in Security Compared to Oracle Content Server 10g
» Security within Oracle Content Server
» Additional Security Options Introduction to Oracle UCM and Oracle Content Server Security
» Configuring Oracle UCM for Two-Way SSL Communication
» Configuring Oracle Access Manager 11g with Oracle UCM
» Configuring Oracle Access Manager 10g with Oracle UCM
» Configuring Oracle Single Sign-On for Oracle UCM
» Configuring Oracle WebLogic Server Web Services
» External Users Introduction to User Login Types
» Local Users Introduction to User Login Types
» Introduction to User Logins and Aliases
» Highlight the alias to be deleted and click Delete.
» Best Practices for Working with Security Groups Performance Considerations
» Predefined Roles About Permissions
» Accounts and Security Groups Hierarchical Accounts
» Assigning Accounts to a User with Oracle WebLogic Server
» Xalco Security Xalco Accounts
» Xalco Roles Roles and Permissions Table Roles and Users Table Accounts and Users Table
» Empty Access Control List Fields
» About Proxy Connections Additional Oracle Content Server Security Connections
» About Credential Mapping Credential Values
» About Named Password Connections Guidelines for Proxy Connections Data
» About Using HTTP Protocol for Content Server Connection Configuring the HTTP Provider
» About BrowserUrlPath Customization Browser URL Customization
» Affected Idoc Script Variables and Functions
» Changing Absolute Full Path Computation Changing Administration Path Computation
» ExtUserAttribInfo ResultSet Extended User Attributes
» encodeHtml Function Filter Data Input
» HtmlDataInputFilterLevel Configuration Variable Filter Data Input
» Viewing Information about a Component
» Enabling and Disabling a Component Uploading a Component
» Select the Template option. The Click Next. Click Next.
» Click Select. To show the entire list of predefined templates, select Show All. Click OK.
» Click Select. Select a query from the list. Click OK.
» Click Select. To show the entire list of predefined services, select Show All. Click OK.
» Click Select. To show the entire list of predefined includes, select Show All. Click OK.
» Click Insert. Repeat these steps until all of the table columns have been Click OK.
» Considerations for Using OracleTextSearch Configuring OracleTextSearch for Oracle Content Server
» Indexing and Query Speeds and Techniques
» Fast Rebuild Query Syntax OracleTextSearch Operators
» Case Sensitivity and Stemming Rules Search Results Data Clustering
» Snippets Additional Changes Oracle Text 11g Features and Benefits
» Determining Fields to Optimize Modifying the Fields Displayed on Search Results
» Searching with OracleTextSearch Metadata Wildcards
» Search Results with OracleTextSearch
» Configuring an Oracle Content Server Source with Other Single Sign-On Solutions
» Configuration Migration Introduction to Migration Tools and Components
» Archiver Introduction to Migration Tools and Components
» Folder Archiving FolderStructureArchive Component
» Migration Structure About Migration Templates and Bundles
» Limitations Migration Logs Migration Tips
» Using a web browser, select Config Migration Admin from the Oracle Content
» Archive Structure Collections Archive Details
» If required, enter the administrator login name and password, then click OK. Enter .archive
» Click Update. Click Delete. Select Custom Query Expression.
» Update Import Rule Insert Revision Import Rule Insert Create Import Rule
» Transfer Uses Transfer Methods Transfer Terms
» Local Transfer Pull Transfer Push Transfer
» Transferring Batch Files Transferring Files
» Single Revision Replications Replication Uses
» Click Edit. Select Is Transfer Automated. Click OK.
» Export Import Self ExportImport
» One-to-One Archiving One-to-Many Archiving
» Adding Content ID Prefixes Changing Release Dates
» Many-to-One Archiving Configuration Migration Tips
» Overview of FolderStructureArchive Component Differences With Built-in Folders Archiving Features
» Using a Folder Structure Archive Configuration Variables
» Important Implementation Considerations Folder Structure Archiving
» How ArchiverReplicationExceptions Works Scenario 1 Scenario 2
» Administering and Using ArchiverReplicationExceptions
» Total Export Possible with Blank Export Query New Check-Ins and Batch File Transfers
» Folder Archive Export Doesnt Work If Collections Table Has Many Records
» Select an archive. Click the Click Edit in the Export Query section.
» Click the Select an archive from the Current Archives list Click the
» Click the Table list Edit button.
Show more