Sanitizer object
The Sanitizer object is a Relativity system object that stores the Sanitizer allow list information. The Sanitizer allow list is used to parse embedded HTML code in HTML-enabled and custom text fields and labels. The Sanitizer object is also where you can enable or disable the sanitization process on the Relativity instance. The Sanitizer object is located in the Sanitizer tab.
The sanitization process parses the HTML content of the "Message of the day" page, HTML-enabled fields, and labels and custom text fields on layouts. When that content is rendered in the user interface, the process strips any HTML markup that is not included in the allow list.
The sanitization process is enabled by default.
Sanitizer Allow list
Within the Sanitizer tab is the HTML Sanitizer allow list. The HTML Sanitizer allow list policy XML is used to identify and remove any potentially malicious JavaScript, or any other scripting, which might undermine web site security. This XML contains a list of allowed HTML tags, attributes, styles and rules. Rules are usually defined as regular expressions. For optimization, you can reference common attributes and rules throughout the XML. Since there are different ways of getting data into Relativity (Import/Export, Relativity UI, RSAPI, direct SQL access), it's recommended to sanitize HTML on Display and on Save.
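The following added example (not Relativity's code and not its actual policy XML) shows how an allow list of this shape is applied: tags and attributes outside the policy are stripped, and attribute values must match a regular-expression rule. The policy element names, the rules and the sample field value are constructed for illustration, and Python's standard-library parser stands in for the product's sanitizer.

```python
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

# Constructed policy and sample; XML names are hypothetical, not Relativity's schema.
POLICY_XML = r"""<policy>
  <rule name="httpUrl" pattern="https?://[\w./?=%-]+"/>
  <rule name="plainText" pattern="[\w\s.,-]*"/>
  <common-attribute name="title" rule="plainText"/>
  <tag name="p"><attribute ref="title"/></tag><tag name="b"/>
  <tag name="a"><attribute name="href" rule="httpUrl"/><attribute ref="title"/></tag>
</policy>"""
SAMPLE = '<p title="Hi" onclick="x()">A<script>x()</script><a href="javascript:x()">B</a></p>'

def load_policy(xml_text):
    root = ET.fromstring(xml_text)
    rules = {r.get("name"): re.compile(r.get("pattern")) for r in root.iter("rule")}
    common = {c.get("name"): rules[c.get("rule")] for c in root.iter("common-attribute")}
    def resolve(a):  # shared attribute reference, or a name with its own rule
        ref = a.get("ref")
        return (ref, common[ref]) if ref else (a.get("name"), rules[a.get("rule")])
    return {t.get("name"): dict(map(resolve, t.iter("attribute"))) for t in root.iter("tag")}

class AllowListSanitizer(HTMLParser):
    def __init__(self, tags):
        super().__init__(convert_charrefs=True)
        self.tags, self.out, self.skip = tags, [], False
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip = True  # drop the element together with its text
        elif tag in self.tags and not self.skip:
            ok = self.tags[tag]
            kept = [f' {k}="{escape(v)}"' for k, v in attrs if k in ok and v and ok[k].fullmatch(v)]
            self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = False
        elif tag in self.tags and not self.skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html_text, tags):
    parser = AllowListSanitizer(tags)
    parser.feed(html_text)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)
```

Because each rule is applied with a full match, a value that merely contains an allowed pattern is still rejected, and anything the policy does not name is dropped rather than passed through.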
Modifying the allow list
In the Sanitizer tab, you can modify the allow list, but modify it with caution and at your own risk.
The XML in the allow list specifies approved HTML markup that will not get stripped from fields with HTML upon page view.
Sanitizer tab
The sanitizer admin tab is hidden by default, but the HTML sanitization is on by default. The visibility of the tab in your Relativity instance has no effect on the sanitization process.
Adding the Sanitizer tab
To add the Sanitizer tab at the Admin level: