HTML in Text Area
A subset of HTML is allowed in the text area visualization.
Component | Description |
---|---|
Authorization | By default, arbitrary HTML is not allowed in
Spotfire because it would enable running JavaScript in the text area . The
preference
PerformHTMLSanitation can be set to
false , which allows creating and viewing any HTML. Setting this preference to
false is not recommended, because doing so allows any user to create a file with Javascript code, bypassing all script trust mechanisms. See
Supported HTML in the Text Area
|
Execution context | If
PerforHTMLSanitation is set to
false , then HTML or JavaScript runs in a web browser that does not have direct access to the operating system API. It can use a subset of the functions provided by the
Spotfire application for the user who is currently logged in. If a user opens a file containing trusted JavaScript on the
Spotfire Web Player, then the script can access anything the user has permission to access in the domain running the
Spotfire Server (according to a security policy in browsers referred to as same origin policy). For this reason, only trusted users should be member of the Script Author group.
|
Parent topic: Script Types
Related reference
Related information