How Enable strict allowlist helps with content management
The Enable strict allowlist option allows you to restrict the HTML content to only the URLs available in the Allowlist tab. This article illustrates how to use this option to control what HTML content can be accessed and displayed.
If enabled, the HTML content is restricted to only the URLs available in the Allowlist tab and support for nested iframes and allowlist entries with Regular Expressions is disabled.
To restrict HMTL content only to certain URLs, perform the following:
Navigate to Settings > HTML Configuration. Specify the URLs to be accessed in Allowlist.
For example, consider the following image with a few URLs defined in the allowlist:
HTML Configuration - AllowlistEnable the Enable strict allowlist option from the Global configuration tab in the configuration.
Global configuration - Enable strict allowlist optionAdd an HTML macro to the relevant page. The HTML content from the URLs listed in the allowlist is rendered. URLs from any other source other than those listed in the allowlist are not rendered. See tutorials for more information on how to use the HTML macro.
The following image displays the HTML content from the source in the macro body that is not listed in the allowlist:HTML macro - Not allowlisted contentThe following image displays the HTML content from the source in the macro body that is listed in the allowlist:
HTML macro - Allowlisted content
Output
The output from the above example is displayed based on the selection of the Enable strict allowlist parameter.
If Enable strict allowlist option is enabled, in the first case, the HTML content is not rendered while in the second case, the HTML content is rendered.
If the Enable strict allowlist option is disabled, in both cases, the HTML content is rendered correctly.
Need support? Create a request with our support team.