Spotfire® Server and Environment Security

HTML in Text Area

A subset of HTML is allowed in the text area visualization.

Component: Authorization
Description: By default, arbitrary HTML is not allowed in Spotfire, because it would enable running JavaScript in the text area. The preference PerformHTMLSanitation can be set to false, which allows any HTML to be created and viewed. Setting this preference to false is not recommended: it lets any user embed JavaScript in an analysis file, bypassing all script trust mechanisms. See Supported HTML in the Text Area.

Component: Execution context
Description: If PerformHTMLSanitation is set to false, the HTML or JavaScript in a text area runs in the user's web browser, which has no direct access to the operating system API. The script can use a subset of the functions provided by the Spotfire application, acting as the user who is currently logged in. If a user opens a file containing trusted JavaScript in the Spotfire Web Player, the script runs within the origin of the Spotfire Server and, under the browser's same-origin policy, can therefore access anything that user has permission to access in that domain. For this reason, only trusted users should be members of the Script Author group.