Check Content for Dangerous Substrings landing.repo.checkContent
If you are developing integrations for Bitrix24 using AI tools (Codex, Claude Code, Cursor), connect to the MCP server so that the assistant can utilize the official REST documentation.
Scope:
landingWho can execute the method: user with View access permission in the Sites section
The method landing.repo.checkContent checks content through a sanitizer.
Method Parameters
Required parameters are marked with *
|
Name |
Description |
|
content* |
Content to be checked |
|
splitter |
A delimiter that marks dangerous fragments in Default: |
Code Examples
How to Use Examples in Documentation
Example of content checking, where:
content— HTML to be checkedsplitter— marker string for dangerous fragments
curl -X POST \
-H "Content-Type: application/json" \
-d '{
"content": "<div style=\"color:red\" onclick=\"alert(1)\"><iframe src=\"//evil.com\"></iframe></div>",
"splitter": "#AAA#"
}' \
"https://**put.your-domain-here**/rest/**user_id**/**webhook_code**/landing.repo.checkContent.json"
curl -X POST \
-H "Content-Type: application/json" \
-d '{
"content": "<div style=\"color:red\" onclick=\"alert(1)\"><iframe src=\"//evil.com\"></iframe></div>",
"splitter": "#AAA#",
"auth": "**put_access_token_here**"
}' \
"https://**put.your-domain-here**/rest/landing.repo.checkContent.json"
try
{
const response = await $b24.callMethod(
'landing.repo.checkContent',
{
content: '<div style="color:red" onclick="alert(1)"><iframe src="//evil.com"></iframe></div>',
splitter: '#AAA#'
}
);
const result = response.getData().result;
console.info(result);
}
catch (error)
{
console.error(error);
}
try {
$response = $b24Service
->core
->call(
'landing.repo.checkContent',
[
'content' => '<div style="color:red" onclick="alert(1)"><iframe src="//evil.com"></iframe></div>',
'splitter' => '#AAA#',
]
);
$result = $response
->getResponseData()
->getResult();
echo 'Success: ' . print_r($result, true);
} catch (Throwable $e) {
error_log($e->getMessage());
echo 'Error checking content: ' . $e->getMessage();
}
BX24.callMethod(
'landing.repo.checkContent',
{
content: '<div style="color:red" onclick="alert(1)"><iframe src="//evil.com"></iframe></div>',
splitter: '#AAA#'
},
function(result)
{
if (result.error())
{
console.error(result.error());
}
else
{
console.info(result.data());
}
}
);
require_once('crest.php');
$result = CRest::call(
'landing.repo.checkContent',
[
'content' => '<div style="color:red" onclick="alert(1)"><iframe src="//evil.com"></iframe></div>',
'splitter' => '#AAA#',
]
);
if (isset($result['error']))
{
echo 'Error: ' . $result['error_description'];
}
else
{
echo '<pre>';
print_r($result['result']);
echo '</pre>';
}
Response Handling
HTTP Status: 200
{
"result": {
"is_bad": true,
"content": "\u003Cdiv style=\u0022color:red\u0022 oncl#AAA#ick=\u0022alert(1)\u0022\u003E\u003Cifr#AAA#ame src=\u0022\/\/evil.com\u0022\u003E\u003C\/iframe\u003E\u003C\/div\u003E"
},
"time": {
"start": 1774952664,
"finish": 1774952665.017161,
"duration": 1.0171608924865723,
"processing": 0,
"date_start": "2026-03-31T13:24:24+02:00",
"date_finish": "2026-03-31T13:24:25+02:00",
"operating_reset_at": 1774953265,
"operating": 0
}
}
Returned Data
|
Name |
Description |
|
result |
Result of the check more details |
|
time |
Information about the request execution time |
Type result
|
Name |
Description |
|
is_bad |
Indicator of dangerous fragments in the content |
|
content |
Content after being processed by the sanitizer |
Error Handling
HTTP Status: 400
{
"error": "ERROR_ARGUMENT",
"error_description": "The value of an argument 'content' has an invalid type",
"argument": "content"
}
{
"error": "ACCESS_DENIED",
"error_description": "Insufficient permissions."
}
|
Name |
Description |
|
error |
String error code. It may consist of digits, Latin letters, and underscores |
|
error_description |
Textual description of the error. The description is not intended to be shown to the end user in its raw form |
Possible Error Codes
|
Code |
Description |
Value |
|
|
Not enough parameters for the call, missing: content |
Method call without |
|
|
The value of an argument 'content' has an invalid type |
Parameter |
|
|
Insufficient permissions |
User did not pass general access checks |
|
|
Token lacks sufficient scope |
Token does not contain |
Statuses and System Error Codes
HTTP Status: 20x, 40x, 50x
The errors described below may occur when calling any method.
|
Status |
Code |
Description |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
The request intensity limit has been exceeded |
|
|
|
The current method is not permitted for calls using batch |
|
|
|
The maximum length of parameters passed to the batch method has been exceeded |
|
|
|
Invalid access token or webhook code |
|
|
|
The HTTPS protocol is required for method calls |
|
|
|
The REST API is blocked due to overload. This is a manual individual block; please contact Bitrix24 technical support to lift it |
|
|
|
The REST API is only available on commercial plans |
|
|
|
The user associated with the access token or webhook used to call the method lacks the necessary permissions |
|
|
|
The manifest is not available |
|
|
|
The request requires higher privileges than those provided by the webhook token |
|
|
|
The provided access token has expired |
|
|
|
The user does not have access to the application. This means that the application is installed, but the portal administrator has restricted access to this application to specific users only |
|
|
|
The public part of the site is closed. To open the public part of the site on an on-premise installation, disable the "Temporary closure of the public part of the site" option. Path to the setting: Desktop > Settings > Product Settings > Module Settings > Main Module > Temporary closure of the public part of the site |
Continue Learning
- Add a Custom Block to the Repository landing.repo.register
- Get a List of Custom Blocks landing.repo.getList
- Delete User Block landing.repo.unregister
- Custom Blocks: Overview of Methods