Deny Rule Group – (default) HTML Injection in Path

HTML_PATH

  • The group prevents HTML injection through HTTP paths.
  • The security level Basic does not prevent any HTML injection.
  • The security level Standard prevents injection of well known HTML tags (e.g. <img src="path">) as well as injection of well known HTML attribute names in a single or double quoted attribute value (e.g. ' href="URL").
  • The security level Strict prevents injection of any kind of HTML tags as well as injection of any kind of HTML attribute names in a single or double quoted attribute value.

Included Deny Rules

Rule name

Basic

Standard

Strict

(default HTML_001c) HTML tag in path

Icon - ON

(default HTML_002c) Known HTML tag in path

Icon - ON

(default HTML_003c) HTML attribute in quoted context in path

Icon - ON

(default HTML_004c) Known HTML attribute in quoted context in path

Icon - ON