Configuration file

Contents

Configuration file

This section describes how to configure Content Studio via the config file.

The file should be called com.enonic.app.contentstudio.cfg and placed into the $XP_HOME/config folder of your XP installation.

Html Editor XSS

Content Studio’s Rich Editor automatically removes any <script> and <iframe> tags from the source code. This measurement effectively reduces potential for XSS injections. This also removes any scripts from documents migrated from XP 6 on first save.

Iframes can still be added through the use of the built-in embed macro.

You can allow <script> tag in html fields at your own risk by adding the following to the config file:

com.enonic.app.contentstudio.cfg
htmlinput.allowScripts = true

Contents