HTML in Text Area
A subset of HTML is allowed in the text area visualization.
Component | Description |
---|---|
Authorization | By default, arbitrary HTML is not allowed in
Spotfire
because it would enable running JavaScript in the text area. The
preference
PerformHTMLSanitation can be set to
false , which allows creating and viewing any
HTML. Setting this preference to
false is not recommended, because doing so
allows any user to create a file with JavaScript code, bypassing all script
trust mechanisms. See
Supported HTML in the Text Area.
|
Execution context | If
PerforHTMLSanitation is set to
false , then HTML or JavaScript runs in a web
browser that does not have direct access to the operating system API. It can
use a subset of the functions provided by the
Spotfire
application for the user who is currently logged in. If a user opens a file
containing trusted JavaScript on the
Spotfire Web Player,
then the script can access anything the user has permission to access in the
domain running the
Spotfire Server
(according to a security policy in browsers referred to as same origin policy).
For this reason, only trusted users should be member of the Script Author
group.
|
Parent topic: Script Types
Related reference
Related information