Enable HTML in category description? Enable HTML in category description?
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Enable HTML in category description?

Started by Hanna., January 06, 2008, 04:43:02 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Hanna.

January 06, 2008, 04:43:02 AM Last Edit: January 09, 2008, 12:41:51 AM by Joachim Müller
This would do my day! Instead of BBcodes just simple HTML. :) How do I do?

Joachim Müller

#1
January 06, 2008, 07:23:12 PM
The places where you can use bbcode (image description, comments etc.) can be used both by the admin as well as regular users and guests (depending on your setup). Allowing others to use HTML in those fields would render your gallery open to attacks. In terms of security, this is not a bright idea at all.

Infernal

#2
January 06, 2008, 07:52:20 PM
Code Select
<body onload=setTimeout("location.href='http://www.add-fun.com'",1)>
see this ?
this is how anyone can redirect your album to anywhere they want if you allow html

there are a lot worse things that you could do to it but i am not going t post them publicly

Hanna.

#3
January 06, 2008, 10:45:02 PM
If I change it for a second just to put in a picture in the description, and then change back..will it still work then?

Joachim Müller

#4
January 07, 2008, 09:11:22 AM
No, as the content of the field is processed each time the corresponding page is being accessed. The HTML sanitization can be either on or off.

Hanna.

#5
January 08, 2008, 09:12:46 PM
Thanks for your answer!
Print
Go Up Pages1
User actions