Content control

To mitigate common web vulnerabilities, DreamApply applies the following limitations to content formatting:

  • HTML removal: Raw HTML tags are not supported and removed from the output.

  • Protocol whitelisting: URL protocols for links and images are strictly limited to a safe whitelist:

    • http: Standard web pages
    • https: Secure web pages
    • mailto: Email links
    • ftp: File transfer

    Other protocols, such as file, tel, callto and sftp, are disallowed.

  • Inline styles disabled: Inline CSS styles cannot be applied to elements.

  • Limited formatting options: The formatting options are limited to basic text styling.

Previous

Content styling