This section describes how to configure Content Studio via the config file.
The file should be called
com.enonic.app.contentstudio.cfg and placed into the
$XP_HOME/config folder of your XP installation.
Html Editor XSS
Content Studio’s Rich Editor automatically removes any
<iframe> tags from the source code. This measurement effectively reduces potential for XSS injections. This also removes any scripts from documents migrated from XP 6 on first save.
Iframes can still be added through the use of the built-in
You can allow
<script> tag in html fields at your own risk by adding the following to the config file:
htmlinput.allowScripts = true
Disable "Mark as Ready" in the Publishing Wizard
Whenever the Publishing Wizard contains at least one item that is "Work in progress", publishing will be disabled. The editor can overrule this by applying "Mark as ready" bulk action from the button dropdown menu and marking all of such items as "Ready for Publishing".
To add another level of restriction and prevent accidental publishing of items that are not ready for publishing, the "Mark as ready" bulk action can be disabled by adding the following parameter to the config file:
publishingWizard.allowContentUpdate = false