emxFramework.InputFilter.BadChars |
This property supports input filtering to prevent
bad characters (characters that could be used for malicious
purposes) from being stored in the database. The 3DEXPERIENCE platform cannot filter out the &, ", %, and + symbols because they
are used for specific functions. Add any characters you
want to filter from being stored in the database (characters
that could cause security problems). Use a pipe | to separate
the characters for this property. For example:
emxFramework.InputFilter.BadChars =
<|>|"|'|%|;|)|(|- For more information,
see Configuring Input Filtering. |
List of characters separated by | symbols and no
spaces |
emxFramework.InputFilter.BadRegExp |
This property prevents bad regular expressions
that could be used for malicious purposes from being stored in the
database. Add a pipe-separated list of regular expressions to
be filtered from being stored in the database. For example:
(?is)prog(ram)?\\s*\\[.*\\]|(?is)exec(ute)?\\s*\\[.*\\]|(?is)eval.*\\(|(?s)".*\\*|(?s)'.*\\*|
(?s)\\<.*\\>|(?s)\\>.*\\<|(?is)\\/\\*|(?is)<!--|(?is)-->|(\\b)(on\\S+)(\\s*)=|(?i)\\\\x[a-f0-9]{2}|
(?i)\\\\u00[a-f0-9]{2}|(?is)[^:]\\/\\/If
you enable input filtering in web.xml, you should add the above
value to this property. For more information, see Configuring Input Filtering. |
List of regular expressions separated by |
symbols |
emxFramework.InputFilter.ExcludeParameters |
This property supports input filtering to prevent
bad characters (characters that could be used for malicious
purposes) from being stored in the database. Several properties
require the use of characters that are normally considered "bad".
This property allows you to list the parameters you want to exclude
from input filtering on bad characters. You should not remove any
parameters from this property; add any needed parameters (separate
parameters with the | symbol). For example:
emxFramework.InputFilter.ExcludeParameters =
treeLabel|contentURL|url For more
information, see Configuring Input Filtering. |
List of parameters separated by the | symbol and
no spaces |
emxFramework.Javascript.FileNameBadChars |
Defines characters that cannot be used in file
name fields. If you remove a defined character, keep in mind that
the operating system may not permit that character to be used as a
file name. For example:
emxFramework.Javascript.FileNameBadChars = ' # $ @
& % For more information, see Configuring File Names and File Uploads. |
List of characters separated by spaces |
emxFramework.CSRF_GUARD_ENABLED |
When true, enables CSRF (Cross-Site Request
Forgery) protection. Default is true. If you change this property
to false, you disable this protection. |
true or false |
emxFramework.securityMode |
When set to false, JPO program and method names
are taken from the request without verification. Change the value to
true to restrict JPO injection. Default is false. |
true or false |
emxFramework.Security.ReferentialURL.ReferentialURLEnable |
Enables the ability to restrict the system from
redirecting to a referenced URL. When set to true, only the domains
defined in the following property can be accessed. Default is
false. |
true or false |
emxFramework.Security.ReferentialURL.WhiteListOfDomains |
When the above property is set to true, this
property defines the list of domains that can be accessed. |
Pipe-separated list of domain names |
emxFramework.ACL.ENABLED |
Restricts access to administrator level pages and
tables to administrator roles. ACL is Access Control
List. Default is true. If you
change this property to false, you disable this
protection. |
true or false |