| Setting | Description | Type | Default | Accepted values |
| --- | --- | --- | --- | --- |
| enabled | describes whether this part of the policy should be enforced or not | Boolean | true | true, false |
| compensatingControl | describes whether there's another mechanism in place [elsewhere] to handle access controls | Boolean | false | true, false |
| syntaxValidation | checks type (Date, String, etc.), length (some number > 0) and format (isEmail, regular expression) | | | |
| checkLength | value must match length exactly | Boolean | true | true, false |
| checkFormat | value must match specified format | Boolean | true | true, false |
| checkType | value must match specified type | Boolean | true | true, false |
| semanticValidation | checks whether values make sense in given context | | | |
| allowBlankValues | value can/cannot be blank | Boolean | false | true, false |
| orderMakesSense? | checks whether the order of two given values is correct | Boolean | true | true, false |
| valueInRange? | checks to make sure the value is within expected (given) range | Boolean | true | true, false |
| whitelistRequired | which user-provided values require a whitelist | String Array | `["cors","csp","referer","origin","host"]` | Any string for which user-provided data can only match a subset of values* |
| sanitizeValues | attempt to force user input to match acceptable values | | | |
| enableEncoding | change potentially unsafe characters to their expected format | String Array | `["url","body","javascript","html","css"]` | `["url","body","javascript","html","css"]` |
| convertToType | attempt to change type mismatches to their expected format | Boolean | true | true, false |
| blockOnFail | if validation fails, block the data | Boolean | true | true, false |

* _spartan includes a pre-populated file called ".whitelists" in the security folder which lists the values from this element as String Arrays. You can add, modify or delete elements in the individual whitelists there. Check the boilerplate/about section for more information.
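
To show how these settings interact, the following added example (not _spartan's own code) applies the syntax, semantic, sanitize and blockOnFail settings to a single input value. The nesting of the `policy` object, the per-field `spec` shape, the `validateField` and `finish` helpers, the `whitelists` contents and the spelling `valueInRange` without the question mark are all assumptions made for illustration.

```javascript
// Added example, not _spartan's own code. The nesting of `policy` and the
// per-field `spec` shape (type, length, format, range) are assumptions.
const policy = {
  enabled: true,
  syntaxValidation: { checkLength: true, checkFormat: true, checkType: true },
  semanticValidation: {
    allowBlankValues: false,
    valueInRange: true,
    whitelistRequired: ["cors", "csp", "referer", "origin", "host"],
  },
  sanitizeValues: { convertToType: true },
  blockOnFail: true,
};

// Constructed stand-in for the ".whitelists" file described in the footnote.
const whitelists = { origin: ["https://app.example.com"] };

function finish(value, errors, p) {
  const ok = errors.length === 0;
  return { ok, blocked: !ok && p.blockOnFail, value, errors };
}

function validateField(name, raw, spec, p = policy) {
  if (!p.enabled) return finish(raw, [], p); // this part of the policy is off
  const syn = p.syntaxValidation, sem = p.semanticValidation;
  const errors = [];
  let value = raw;

  if (raw === "" || raw === null || raw === undefined) {
    if (!sem.allowBlankValues) errors.push("blank");
    return finish(value, errors, p);
  }
  // convertToType: coerce numeric strings before the type check runs.
  if (p.sanitizeValues.convertToType && spec.type === "number" &&
      typeof raw === "string" && raw.trim() !== "" && Number.isFinite(Number(raw))) {
    value = Number(raw);
  }
  const text = String(raw);
  if (syn.checkType && typeof value !== spec.type) errors.push("type");
  if (syn.checkLength && spec.length !== undefined && text.length !== spec.length) errors.push("length");
  if (syn.checkFormat && spec.format && !spec.format.test(text)) errors.push("format");
  if (sem.valueInRange && spec.range && typeof value === "number" &&
      (value < spec.range[0] || value > spec.range[1])) errors.push("range");
  // Fields that require a whitelist fail closed when no list is configured.
  if (sem.whitelistRequired.includes(name) && !(whitelists[name] || []).includes(value)) {
    errors.push("whitelist");
  }
  return finish(value, errors, p);
}
```

With blockOnFail set to false the same errors are still reported, but `blocked` stays false, so the caller decides what to do with the value.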