HTML_HEADER_VALUE
- ●The group prevents HTML injection through HTTP header values.
- ●The security level Basic does not prevent any HTML injection.
- ●The security level Standard prevents injection of well known HTML tags (e.g. <img src="path">) as well as injection of well known HTML attribute names in a single or double quoted attribute value (e.g. ' href="URL").
- ●The security level Strict prevents injection of any kind of HTML tags as well as injection of any kind of HTML attribute names in a single or double quoted attribute value.
Included Deny Rules
Rule name | Basic | Standard | Strict |
(default HTML_001b) HTML tag in HTTP header value | |||
(default HTML_002b) Known HTML tag in HTTP header value | |||
(default HTML_003b) HTML attribute in quoted context in HTTP header value | |||
(default HTML_004b) Known HTML attribute in quoted context in HTTP header value |