XSS Configuration (com.soa.console.xss)

Configuration of Cross Site Scripting Filter

validate (validate)

Enable validation

Default: true

keywords (keywords)

Keywords to check for

Default: javascript:, alert(, script, document.cookie, prompt(, iframe, link, meta, layer, style, xss, img, div, object type, embed

exceptionURLs (exceptionURLs)

URLs and parameters to bypass during check, each url is separated from others by comma, and from it's parameters by colons. means to skip all parameters. For example /test:param1:param2,/test2:param1:param2

xFrameOptions (xFrameOptions)

Value for X-FRAME-OPTIONS headers. Blank means no header. Possible values are DENY, SAMEORIGIN, ALLOW-FROM origin