Security framework update in Zoho Wiki

At Zoho Wiki, we ensure that the data of our customers are safe and secure. We are upgrading our security framework to make sure that we are processing our user data using the most secure protocols.

Currently, Zoho Wiki allows users to add custom tags and attributes to your content. To avoid the possibility of security issues and Cross-Site Scripting (XSS) attacks, we will now only allow the standard HTML tags and attributes. Any tags that are not part of our whitelist will be filtered and removed. Also, if you have applied any custom CSS styling based on the custom tags and attributes, the styling will not be applied. If you have used any custom tags or attributes in your content, we recommend you to remove them before the update. For your existing pages, these tags and attributes will be filtered when you edit your content and hit on save.

For your reference, we have given an example to show how your HTML content will be processed.

Before update:

<div> <p>Sample Content which contains custom tags. </p> </div>
<mytag> <p>This content is wrapped inside a custom tag "MyTag" </p> </mytag>
<customtag> Text content inside customtag </customtag>
<div style="color: red;" customcolor="SomeValueInCustomAttribute"> This content contains a custom attribute &quot;CustomColor&quot;.  </div>
<div> The custom tags are followed by <b>standard tags and attributes.</b>  </div>

After update:

<div> <p>Sample Content which contains custom tags. </p> </div>
<p>This content is wrapped inside a custom tag "MyTag" </p>
Text content inside customtag
<div style="color: red;"> This content contains a custom attribute "CustomColor"  </div>
<div> The custom tags are followed by <b>standard tags and attributes.</b> 
</div>

Be assured that there will be no content loss after this update.

We will be rolling out this update on Dec. 30th, 2018. If you have any concerns, feel free to let us know in the comments section below or mail to us at support @zohowiki.com.

Regards,

Zoho Wiki Team