| 1. | On the Application Preferences screen, click Security from the Components menu. |
| 2. | Click the checkbox beside Cookies use SameSite=strict to enable greater security against potential click-jacking attempts. Note: Enabling this feature may cause issues if the LCMS is launched through a portal. |
| 3. | Click the checkbox beside Strict HTML Validation to enable strict HTML validation using a modified version of OWASP AntiSamy. Note: Visit OWASP.org for more information. |
| 4. | When Strict HTML Validation is enabled, the user will receive warnings whenever unsafe HTML is entered in a text field. A warning window will open to display the current HTML causing the warning along with a clean version of the HTML. The user may click the Clean & Save button to have the LCMS clean the HTML automatically or click the Close button to clean the HTML themselves. Note: Users will not be able to save the HTML until it is deemed to be clean. |
| 5. | Deselect the Allow 3rd Party Content checkbox to disable the import/upload of 3rd party content. Note: This option is enabled by default. |
| 6. | Deselect the checkbox for the roles who will not have access to 3rd party content. Note: All roles have access to 3rd party content by default. |
| 7. | Set the New Screen Security Defaults by selecting the Security Classification and Controlled Goods category from the corresponding drop-down menu. Note: This will set the security classification and controlled goods category defaults for new screens within a new project. |
| 8. | Set the New User Security Defaults by selecting the Security Classification and Controlled Goods category from the corresponding drop-down menu. Note: This will set the security defaults used when a new user is created. |
| 9. | Click the Submit button to save your changes or click Cancel to return to the previous screen without saving. |
|
