The screen below shows the administration screen at Administration -> System -> System Behaviour.
You will see these two fields:
- Use Global XSS Filter
- HTML elements blocked by filter
The global XSS filter performs a set of operations to detect cross-site scripting (XSS) in all screens in Sage CRM. This is to protect against XSS attacks as data is submitted.
HTML tag filtering isn’t the only thing that the XSS filter does, but the tags that will raise a flag are the ones defined in the filtered tags list.
If anything disallowed is encountered, it is rendered safe by returning only content that passes the filter.
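The sketch below models only the tag-blocklist behaviour described above: a global switch, a list of blocked elements, and output that contains only what passes. It is an added example, not Sage CRM's implementation. The setting names, the tag list, the sample submission and the choice to drop a blocked element together with its contents are all assumptions.

```javascript
// Added illustration, not Sage CRM's code. Setting names mirror the two
// fields on the System Behaviour screen; the tag list is a constructed sample.
const settings = {
  useGlobalXssFilter: true,
  blockedElements: ["script", "iframe", "object", "embed"],
};

// Strip blocked elements from one submitted value and report which were seen.
function filterValue(value, blocked) {
  if (blocked.length === 0) return { safe: String(value), flagged: [] };
  const names = blocked.join("|"); // assumes plain alphanumeric tag names
  // A blocked element together with everything it wraps.
  const paired = new RegExp(`<\\s*(${names})\\b[^>]*>[\\s\\S]*?<\\s*/\\s*\\1\\s*>`, "gi");
  // Any leftover opening or closing tag of a blocked element.
  const single = new RegExp(`<\\s*/?\\s*(${names})\\b[^>]*>?`, "gi");
  const flagged = new Set();
  const drop = (match, tag) => { flagged.add(tag.toLowerCase()); return ""; };
  let out = String(value), prev;
  // Repeat until stable so a removal cannot splice a new blocked tag together.
  do {
    prev = out;
    out = out.replace(paired, drop).replace(single, drop);
  } while (out !== prev);
  return { safe: out, flagged: [...flagged] };
}

// Apply the filter to every field of a submission when the global switch is on.
function filterSubmission(fields, cfg) {
  const result = { fields: {}, flags: {} };
  for (const [name, value] of Object.entries(fields)) {
    if (!cfg.useGlobalXssFilter) { result.fields[name] = value; continue; }
    const { safe, flagged } = filterValue(value, cfg.blockedElements);
    result.fields[name] = safe;
    if (flagged.length > 0) result.flags[name] = flagged;
  }
  return result;
}

// Constructed sample submission.
const submission = {
  company: "Acme Ltd",
  note: "Call back <b>Monday</b><script>alert(1)</script>",
};
console.log(filterSubmission(submission, settings));
```

The `flags` map records which fields tripped the blocklist, which is the piece worth logging when reviewing what the filter removed.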