1. Knowledge Base
  2. Security & Infrastructure

Script Attack Protection: Whitelisted Custom Code Elements and Attributes

This article shares custom code elements and attributes that are not whitelisted when using the Script Attack Protection setting.

The Script Attack Protection setting prevents the storage and execution of specific custom code in record values and views that are not whitelisted (see list below). The locations where Script Attack Protection is applied can be found here.

Please contact our support team via the chat widget in the Builder or by submitting this form if you're using a code element that you would like to see included in this whitelist.

Note: Script Attack Protection is not applied to the API & Code section of the app. Additionally, Rich Text views continue to allow scripts when this setting is enabled.

 

 Allowed Tags

 Allowed Attributes

 Allowed Self Closing   Tags

 Allowed   Schemes

 h1

 a: ['style']

 img

 HTTP

 h2

 a: ['href']

 be

 https

 h3

 a: ['name']

 hr

 FTP

 h4

 a: ['target']

 area

 mailto

 h5

 h1: [`style`]

 base

 href

 h6

 h2: [`style`]

 basefont

 src

 blockquote

 h3: [`style`]

 input

 cite

 p

 h4: [`style`]

 link

 

 del

 h5: [`style`]

 meta

 

 a

 h6: [`style`]

 

 

 ul

 blockquote: [`style`]

 

 

 ol

 p: [`style`]

 

 

 nl

 del: [`style`]

 

 

 li

 ul: [`style`]

 

 

 b

 ol: [`style`]

 

 

 I

 nl: [`style`]

 

 

 strong

 li: [`style`]

 

 

 em

 b: [`style`]

 

 

 strike

 i: [`style`]

 

 

 code

 strong: [`style`]

 

 

 hr

 em: [`style`]

 

 

 be

 strike: [`style`]

 

 

 div

 code: [`style`]

 

 

 table

 hr: [`style`]

 

 

 thead

 br: [`style`]

 

 

 caption

 div: [`style`]

 

 

 tbody

 table: [`style`]

 

 

 tr

 thead: [`style`]

 

 

 the

 th: [`style`]

 

 

 td

 td: [`style`]

 

 

 pre

 tr: [`style`]

 

 

 iframe

 tbody: [`style`]

 

 

 img

 caption: [`style`]

 

 

 span

 pre: [`style`]

 

 

 font

 span: [`style`]

 

 

 meter 

 href

 

 

 button 

 align

 

 

 progress

 iframe

 

 

 path 

 center

 

 

 small 

 img

 

 

 var 

 iframe: [all attributes]

 

 

 sub 

 img: [all attributes]

 

 

 sup 

 id

 

 

 u

 class

 

 

 

 font: [`face`, `color`, `size`]

 

 

 

 button: [`style`, `type`]

 

 

 

 progress: [`value`, max`]

 

 

 

 meter: [`value`, `min`, `max`, `optimum`] 

 

 

 

 path: [all attributes]