Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

White list of allowed html tags #7

Open
MikeTheSnowman opened this issue Dec 13, 2023 · 0 comments
Open

White list of allowed html tags #7

MikeTheSnowman opened this issue Dec 13, 2023 · 0 comments

Comments

@MikeTheSnowman
Copy link

I'm creating this GH issue as a form of documentation as the fortify/sample-parser repo doesn't have GH Issues enabled and neither repos have the wiki enabled.

For those who are writing parsers where you want to have special formatting by using some HTML, I've tried to test, via trial and error, to determine which HTML tags that the Fortify SSC server will allow.

As of now (Fortify SSC version 23.1), here are the tags that I've been able to get Fortify SSC to render:

<a></a>
<b></b>
<blockquote></blockquote>
<br></br>
<cite></cite>
<code></code>
<dd></dd>
<div></div>
<dl></dl>
<dt></dt>
<em></em>
<h1></h1>
<i></i>
<li></li>
<ol></ol>
<p></p>
<pre></pre>
<q></q>
<small></small>
<span></span>
<strike></strike>
<strong></strong>
<sub></sub>
<sup></sup>
<table/>
<u></u>
<ul></ul>

Below are a list of html tags that I've noticed Fortify SSC to sanitize:

abbr
acronym
address
applet
area
article
aside
audio
base
basefont
bdi
bdo
big
button
canvas
caption
center
col
colgroup
data
datalist
del
details
dfn
dialog
dir
embed
fieldset
figcaption
figure
font
footer
form
frame
frameset
header
hgroup
hr
iframe
input
ins
kbd
label
legend
link
main
map
mark
menu
meta
meter
nav
noframes
noscript
object
rp
rt
ruby
s
samp
search
section
select
source
optgroup
option
output
param
picture
progress
summary
svg
table
tbody
td
template
textarea
tfoot
th
thead
time
title
tr
track
tt
var
video
wbr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant