Overview
By default, Kayako will strip out potentially unsafe HTML tags (like <script>
or <iframe>
) from your Help Center articles, since they can be used to embed malicious code. This security option can be changed in your Kayako instance.
Diagnosis
Your Help Center is equipped with a feature that users can utilize to embed forms and other rich media using tags like <script>
or <iframe>
. However, these tags can carry potentially unsafe HTML or malicious code in Help Center articles. To reduce the risk of somebody introducing malicious codes, you can leave the default restrictions in place. This way, every time a user inserts potentially unsafe HTML, they will receive the warning similar to the screenshot below.
But as mentioned, these tags come in very handy when you need to embed forms and other rich media. So the choice is yours and if you want to allow these HTML elements to support self-service fanciness, then you can change the settings at any time.
Prerequisites
- To edit any of the security and user registration settings, you will need an administrator account with the 'Manage system configuration' permission.
Solution
Follow these steps to allow your team to use HTML elements in your Help Center articles:
- Sign in to the admin area.
- Click on Security policies in the sidebar.
- Make sure you're on the 'Help Center content' tab.
- Check the Allow potentially unsafe HTML in Help Center articles box.
- Click the Save button when you're done.
Testing
If the option Allow potentially unsafe HTML in Help Center articles box is checked, then you will be allowed to use tags like <script>
or <iframe>
without any warning from the system.
If you wish to test this feature, you can try inserting such tags in one of your Help Center articles. If you did not receive the error similar to the screenshot below after saving or updating your article, then that means you have successfully allowed the option.