To prevent this risk, Efficy can “sanitize” (clean up) the input fields by removing risky HTML tags.
The HTML tags can be configured with a blacklist or a whitelist. A blacklist lists the forbidden HTML tags; all others are allowed. A whitelist contains the allowed HTML tags; all other tags are forbidden.
Are whitelists more secure than blacklists? Theoretically, they’re not, but in practice, they may be. A whitelist strictly limits the Memo fields to those HTML tags that can be commonly expected in that context. Blacklists have to be exhaustive: the risk that you forget to forbid a tag is higher…
Enter value 1 to see the tag list as a blacklist, value 2 to see the tag list as a whitelist.
detailed instructions: Security Management (download this technical note from the Efficy FTP site)
related parameter: SanitizeMemoTagList
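
The following added example (not Efficy's own code) runs the same memo through a tag filter in both modes, using the values 1 and 2 described above, to show how a tag missing from a blacklist passes through while a whitelist removes it. The class and function names, the tag lists and the memo text are assumptions made for illustration; the sketch filters on tag names only and drops all attributes.

```python
from html import escape
from html.parser import HTMLParser

BLACKLIST, WHITELIST = 1, 2  # mode values: 1 = blacklist, 2 = whitelist


class TagFilter(HTMLParser):
    """Illustrative tag filter (hypothetical, not Efficy's implementation)."""

    def __init__(self, mode, tag_list):
        super().__init__(convert_charrefs=True)
        self.mode = mode
        self.tags = {t.lower() for t in tag_list}
        self.out = []      # sanitized output fragments
        self.removed = []  # names of start tags that were stripped

    def allowed(self, tag):
        listed = tag in self.tags
        # Blacklist: listed tags are forbidden. Whitelist: only listed tags pass.
        return not listed if self.mode == BLACKLIST else listed

    def handle_starttag(self, tag, attrs):
        if self.allowed(tag):
            self.out.append(f"<{tag}>")  # attributes are dropped in this sketch
        else:
            self.removed.append(tag)

    def handle_endtag(self, tag):
        if self.allowed(tag):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # text content is kept, HTML-escaped


def sanitize(html, mode, tag_list):
    """Return (sanitized_html, removed_tag_names)."""
    f = TagFilter(mode, tag_list)
    f.feed(html)
    f.close()
    return "".join(f.out), f.removed


# Constructed memo content: formatting tags plus two tags a memo does not need.
MEMO = "<p>Call <b>back</b> Monday</p><script></script><object></object>"

if __name__ == "__main__":
    # The blacklist names script and iframe but forgot object, so object survives.
    print(sanitize(MEMO, BLACKLIST, ["script", "iframe"]))
    # The whitelist names only formatting tags, so both unexpected tags are removed.
    print(sanitize(MEMO, WHITELIST, ["p", "b", "i", "br"]))
```
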