WeGuide lets organisations create their own engagement and programs, without touching a single line of code. We’ve made it easy for you to update and change your content. The only limit is your imagination, at least that’s what we’re trying to promote. But, for security reasons, we can’t allow all content in our system. We apply a method called sanitisation which will check if the content that you’ve entered is malicious and might harm our system. If you want to learn more about it, read this article about Little Bobby Tables, which explains why sanitisation is important
So what does this mean for you?
In the admin portal, we have three kinds of fields
- Standard fields
- HTML field
- Logic field
Each field has its own sanitisation rules. The sanitisation rules are basically rejecting certain characters and content
Standard field
A standard field is a field that is not an HTML field or a logic field. All content is allowed in these fields, except the following characters and words:
- >, <, <=, >=, !=, ""
HTML field
![](https://s3-ap-south-1.amazonaws.com/ind-cdn.freshdesk.com/data/helpdesk/attachments/production/84022875166/original/IWIhADz658aX_8D5wWkLnHEbteljk86J4w.png?1672410456)
Example of an HTML field where you can only stylize text
- The following tags: %w[a b i strong em p param h1 h2 h3 h4 h5 h6 br hr ul li img iframe span div]
- The following attributes: %w[href name src type value width height data style allowfullscreen data-mce-fragment target rel id class]
Logic field
Similar sanitisation applies as for the standard field. Since it's about business logica, all the operators this document are also allowed and exempted from sanitisation rules.
Was the article missing some information or unclear? Please click the thumbs down below and let us know how to improve. Your feedback is always appreciated.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article