Submit a request

How may we help you?

  1. How may we help you?
  2. Installation & Maintenance
  3. Security

How Content Sanitization works in eFront

To enhance security and protect users from cross-site scripting (XSS) vulnerabilities, eFront includes content sanitization for course units and tests. This feature ensures that all HTML content is automatically sanitized, removing potentially harmful scripts while preserving safe formatting.

Administrators can disable this protection under System Settings > Security, but doing so may introduce security risks.

How It Works

By default, eFront automatically sanitizes all HTML content in:

  • Unit content
  • Test content and questions

What Sanitization Does:

  • Removes script tags
  • Strips potentially harmful HTML attributes (e.g., onerror, onclick, javascript:)
  • Preserves safe HTML formatting, such as headings, paragraphs, and links

This ensures that course content remains functional while eliminating potential security threats.

Configuring Content Security Settings

Global Administrators can disable content sanitization if necessary. To configure this setting:

  1. Sign in as an Administrator, then go to System Settings (1)

    sys_settings_rdy.png

  2. Select Security (2), then enable Allow unsanitized HTML content (3)

    sec_unsanitize_rdy.png

  3. Confirm your choice (4) and click Save (5)

    sanitize_warning_rdy.png

    sanitize_save_rdy.png
 Important considerations:
  • Keep sanitization enabled unless there is a specific need to allow raw HTML
  • Only allow unsanitized content if you fully trust your content authors
  • Regularly review the Audit Log to monitor security-related changes
  • Educate content creators on safe HTML usage to minimize security risks
Was this article helpful?
Have more questions?
Submit a request
Recently viewed articles