Security Scan URLs CSVs Reference
The following words or characters are replaced by UNSAFE_DATA according to the Security Scan Level of Input Parameters setting in System Configuration > Security Management. The LMS scans Input from URL parameters and CSV data loaders.
Filenames are treated as follows:
- Do not allow illegal characters in the name (% or <) or illegal file extensions (defined in System Configuration).
- If the user's system role has the OWASP Restrictions Override permission (System Roles > Data Access Control > Role General Permissions), all are allowed except for illegal file extensions.
- If no special permissions, only allow explicitly listed extensions (defined in System Configuration).
| Medium | High | Extreme |
| <script | var | < |
| alert( | href | > |
| vbscript | src= | %3c |
| eval | style= | |
| confirm( | action= | |
| :expression( | ||
| .write | ||
| prompt( | ||
| onerror | ||
| onmouse | ||
| onload | ||
| onunload | ||
| onchange | ||
| onsubmit | ||
| onclick | ||
| onbegin | ||
| jsessionid | ||
| .location | ||
| document. | ||
| window. | ||
| parent. | ||
| form. | ||
| opener. | ||
| insert into | ||
| select from | ||
| delete from | ||
| update= |