.\" This man page is automatically generated using
.\" kayadoc2man from the Kaya development tools and the -xmldocs compile 
.\" option. Editing it directly is not encouraged.
.\" It is under the same license as the source .k file that it was
.\" generated from.
.TH "HTMLDocument.ConversionSafety" "3kaya" "July 2013" "Kaya" "Kaya module reference"
.SH "NAME"
HTMLDocument::ConversionSafety \- The conversion safety level for String->HTML conversion
.SH "SYNOPSIS"
.B HTMLDocument::ConversionSafety<
\fI\fP
.B >
.IP "" -2
= 
.BI "Safe(" "" ")"
.IP "" -2
| 
.BI "Unsafe(" "" ")"
.IP "" -2
| 
.BI "VeryUnsafe(" "" ")"
.SH "DESCRIPTION"
.PP
If you are using the
\fBInlineOnly \fP
or
\fBAllElements \fP
option for
.B "HTMLDocument.WhiteList"(3kaya)
you can choose various sets of elements and attributes to allow.
.IP "" -2
- 
\fBSafe \fP
- a very restricted set of elements and attributes is allowed. Hyperlinks, images, forms, scripting, inline styles and so on are not allowed.
.IP "" -2
- 
\fBUnsafe \fP
- As
\fBSafe \fP
, but hyperlinks, images and client-side scripting are allowed. Some cross-site scripting is possible as a result.
.IP "" -2
- 
\fBVeryUnsafe \fP
- As
\fBUnsafe \fP
, but form controls are also allowed. This allows some potentially very nasty cross-site scripting attacks to be carried out with ease if an attacker is able to influence the String being converted, so use this with extreme caution.
.PP
None of these allow the direct addition of <script> elements or the
\fBonX \fP
event handlers.
.SH "AUTHORS"
Kaya standard library by Edwin Brady, Chris Morris and others (kaya@kayalang.org). For further information see http://kayalang.org/
.SH LICENSE
The Kaya standard library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License (version 2.1 or any later version) as published by the Free Software Foundation.
.SH "RELATED"
.PD 0
.PP
.B "HTMLDocument.WhiteList"(3kaya)
.PP
.B "HTMLDocument.readFromString"(3kaya)
.PD 0.4v