This setting controls Fossil's behavior when it encounters a potential XSS or SQL-injection vulnerability due to misuse of TH1 configuration scripts. Choices are:

off

Do nothing. Ignore the vulnerability.

log

Write a report of the problem into the error log.

block

Like "log" but also prevent the offending TH1 command from running.

fatal

Render an error message page instead of the requested page.