Actions

Translations

Translations:Global settings/9/en

From LimeSurvey Manual

Security

  • Survey preview only for administration users: By default, the preview of inactive surveys is restricted only to authenticated. If you set this to 'No', any person can test your survey using the survey URL – without logging in to the administration and without having to activate the survey first
  • Filter HTML for XSS: It is turned 'on' by default. They will not be authorized to use dangerous HTML tags in their survey/group/question/labels texts (JavaScript code, for instance). The idea behind this is to prevent a survey operator to add a malicious script to get his permissions raised on your system. However, if you want to use any JavaScript in your surveys, you will need to switch this off (specific scripts for video hosting platforms can be used).
 Hint: The super admins never have their HTML filtered when saved or on public survey view. To see the effects of XSS filtering, it is advised to use a regular user account.
  Warning : With XSS enabled, some parts of the expression manager system cannot be used: see XSS and ExpressionScript.