Allowed HTML Tags and Attributes
In some areas of the application Pricefx allows custom styling of text using HTML. However, the full set of HTML features also includes things like JavaScript and other elements that could be used to circumvent certain security features or – broadly speaking – potentially are a security risk if this dynamic content is entered by one user and viewed by another (eventually more privileged) user. Hence in places where HTML is allowed, it is stripped down and only certain tags and attributed are rendered as intended.
For security reasons, only the following HTML tags and attributes are allowed in Interactive Forms - Configurators and in the Custom Help editor:
| allowedTags | [ 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'ul', 'ol', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'span', 'pre', 'center', 'font', 'u', 'img', 'a' ] |
| allowedAttributes | { 'div': [ 'style' ], 'span': [ 'style' ], 'p': [ 'style' ], 'font': [ 'face', 'style', 'color', 'size' ], 'a': [ 'href', 'name', 'target' ], 'img': [ 'src' ] } |
| allowedSchemes | [ 'http', 'https' ] |
| allowedSchemesByTag | { img: [ 'data', 'http', 'https' ] } |
See also Supported and Unsupported Characters in Data explaining how product data is treated if it contains the greater than > and less than < symbols.
Found an issue in documentation? Write to us.