Overview of the Security module
By sanitizing content, you can remove or disallow sensitive content such as HTML tags and external embed codes. Content entered in, for example, the Noticeboard and the Cafeteria Menu can be automatically examined before it is published in SharePoint. Depending on the level of sanitization chosen by the administrator, only whitelisted HTML tags, attributes and styles are preserved.
The Security module offers three levels of sanitization: level 1 does not sanitize at all, whereas level 3 uses a highly restricted whitelist of HTML tags, attributes, styles etc. to prevent cross-site scripting.
By default, all Wizdom solutions (version 6.38 and later) are set to security level 2. This level blocks all scripting but allows iframe embeds and CSS, which, for example, enables you to present embedded content from resources like Instagram and YouTube on your intranet.
Note that content created before a change in sanitization level is not affected by the new level.
- Level 3: Uses a highly restricted whitelist of HTML tags, attributes, styles etc. to prevent cross-site scripting. This sanitization level will disallow CSS, links, and most embed codes from external services, such as YouTube, Instagram, etc.
- Level 2: Uses a less restricted whitelist which will block all scripting, but still allow iframe embeds, CSS, and links.
- Level 1: Does not sanitize content. All HTML will be allowed in content generated by users and editors.
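
To show how whitelist levels like these treat the same input, the following Python example is added here and is not Wizdom's own code. The tag and attribute sets in POLICIES, the sanitize function and the sample input are assumptions chosen to mirror the level descriptions above.

```python
import re
from html import escape
from html.parser import HTMLParser
# Assumed whitelists modelled on levels 2 and 3 above; not Wizdom's actual lists.
BASIC = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br"}
POLICIES = {
    3: {"tags": BASIC, "attrs": set()},  # no CSS, links or embeds
    2: {"tags": BASIC | {"a", "span", "div", "iframe"},
        "attrs": {"href", "src", "style", "width", "height"}},
}
DROP_WITH_CONTENT = {"script", "style"}  # discard the element body, not only the tag
HTTP_URL = re.compile(r"\s*https?://", re.I)  # rejects javascript:, data: and others

class _Sanitizer(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy, self.out, self.skip = policy, [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in self.policy["tags"]:
            return
        kept = ""
        for name, value in attrs:
            ok = name in self.policy["attrs"]  # on* handlers are never whitelisted
            if ok and (name not in ("href", "src") or HTTP_URL.match(value or "")):
                kept += f' {name}="{escape(value or "", quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.policy["tags"] and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-encoded, never raw

def sanitize(html, level):
    if level == 1:
        return html  # level 1: no sanitization, input passes through unchanged
    parser = _Sanitizer(POLICIES[level])
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample input
SAMPLE = ('<p style="color:red" onclick="x()">Menu <a href="javascript:alert(1)">a</a> '
          '<a href="https://example.com/">b</a></p><script>alert(1)</script>'
          '<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>')
```

Calling sanitize(SAMPLE, 2) keeps the inline style, the https link and the iframe while dropping the script and the event handler; sanitize(SAMPLE, 3) leaves only the paragraph and its text.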