Configuration file
Contents
Configuration file
This section describes how to configure Content Studio via the config file.
The file should be called com.enonic.app.contentstudio.cfg and placed into the $XP_HOME/config folder of your XP installation.
Html Editor XSS
Content Studio’s Rich Editor automatically removes any <script> and <iframe> tags from the source code. This measurement effectively reduces potential for XSS injections. This also removes any scripts from documents migrated from XP 6 on first save.
Iframes can still be added through the use of the built-in embed macro.
You can allow <script> tag in html fields at your own risk by adding the following to the config file:
com.enonic.app.contentstudio.cfg
htmlinput.allowScripts = true