This section describes how to configure Content Studio via the config file.
The file should be called
com.enonic.app.contentstudio.cfg and placed into the
$XP_HOME/config folder of your XP installation.
Content Studio’s Rich Editor automatically removes any
<iframe> tags from the source code. This measurement effectively reduces potential for XSS injections. This also removes any scripts from documents migrated from XP 6 on first save.
Iframes can still be added through the use of the built-in
You can allow
<script> tag in html fields at your own risk by adding the following to the config file:
htmlinput.allowScripts = true