Configure HTML sanitizer - Alfresco Document Transformation Engine 2.4 - 2025-04-04

Platform: Alfresco
Product: Alfresco Document Transformation Engine
Release: 2.4

Starting with DTE 2.4.2, new configuration options control how HTML is sanitized when converting HTML files.

There are multiple modes you can choose from:

| Mode | Description |
| --- | --- |
| Blacklist | This is the default setting. You can choose which HTML parts and attributes are not allowed. This setting is empty by default, but it stops Server-Side Request Forgery (SSRF) attacks. |
| Whitelist | You can choose which HTML parts and attributes are allowed. This setting is empty by default, but it stops SSRF attacks. |
| None | None means there is no sanitization provided at all. SSRF attacks are possible when using this mode, as it re-enables features like embedded script execution or iframe preview. Warning: This mode is not recommended. Administrators: use this setting at your own risk. |
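
To make the difference between the three modes concrete, the following added example (not DTE code and not part of the Alfresco documentation) models them in Python on a constructed HTML snippet. It assumes that the sanitizing modes always remove `script` and `iframe` (the features the page says None mode re-enables), that an empty list adds no further rules, and that a removed element is dropped together with its content; `sanitize`, `ModeSanitizer`, `BASELINE`, `VOID` and the host `internal.example` are names invented for this illustration.

```python
from html import escape
from html.parser import HTMLParser
BASELINE = {"script", "iframe"}  # assumption: always removed when sanitizing
VOID = {"img", "br", "hr", "link", "meta", "input"}  # elements with no end tag

class ModeSanitizer(HTMLParser):
    def __init__(self, whitelist, tags, attrs):
        super().__init__(convert_charrefs=False)
        self.whitelist, self.tags, self.attrs = whitelist, set(tags), set(attrs)
        self.out, self.skip = [], 0  # skip > 0 while inside a removed element

    def _ok(self, name, listed):  # assumption: an empty list adds no rules
        return not listed or (name in listed) == self.whitelist
    def _tag_ok(self, tag):
        return tag not in BASELINE and self._ok(tag, self.tags)

    def handle_starttag(self, tag, attrs):
        if not self._tag_ok(tag):
            self.skip += tag not in VOID  # removed element loses its content too
        elif not self.skip:
            kept = "".join(f" {k}" if v is None else f' {k}="{escape(v)}"'
                           for k, v in attrs if self._ok(k, self.attrs))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if not self._tag_ok(tag):
            self.skip = max(0, self.skip - (tag not in VOID))
        elif not self.skip and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)
    def handle_entityref(self, name):  # re-emit entities unchanged
        self.handle_data(f"&{name};")
    def handle_charref(self, name):
        self.handle_data(f"&#{name};")

def sanitize(html, mode="blacklist", tags=(), attrs=()):
    if mode == "none":  # no sanitization at all: input passes through
        return html
    parser = ModeSanitizer(mode == "whitelist", tags, attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample; internal.example is a placeholder host.
SAMPLE = ('<p>Hi &amp; bye<iframe src="http://internal.example/a"></iframe>'
          '<img src="http://internal.example/b" alt="b"><script>x()</script></p>')
```

With empty lists, both sanitizing modes leave the `img` element and its `src` in place in this model, so an administrator who wants to stop the converter from fetching image URLs would add `img` or `src` to the blacklist, or leave them off the whitelist.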