Translations:Global settings/9/en

Security

 * Survey preview only for administration users: By default, the preview of inactive surveys is restricted only to authenticated. If you set this to 'No', any person can test your survey using the survey URL - without logging in to the administration and without having to activate the survey first
 * Filter HTML for XSS: It is turned 'on' by default. They will not be authorized to use dangerous HTML tags in their survey/group/question/labels texts (JavaScript code for instance). The idea behind this is to prevent a survey operator to add a malicious script in order to get his permissions raised on your system. However, if you want to use any script objects like Javascript scripts of Flash applets in your surveys, you will need to switch this off (specific scripts for video hosting platforms can be used).


 * Group member can only see own group: By default, non-admin users defined in the LimeSurvey management interface will only be able to see other users only if they belong to at least one common group. If the administrator sets this to 'No', then the users can see all the users defined in the LimeSurvey User Control panel, regardless of the group they belong to
 * IFrame embedding allowed: This option can be used to indicate whether or not a browser should be allowed to render the survey page in a, or . You can use this to avoid clickjacking attacks, by ensuring that your survey is not embedded into other sites. If you set it to 'Allow' (the default value), there is no restriction. Setting this to 'Same origin' will make the content to be loaded only if the survey runs on the same domain and port as the including , or
 * Force HTTPS: This is set by default to "Don't force on/off". Switch the setting to "On" to force the connection to use HTTPS