This would make my day! Instead of BBCodes, just simple HTML. :) How do I do it?
The places where you can use bbcode (image description, comments etc.) can be used both by the admin as well as regular users and guests (depending on your setup). Allowing others to use HTML in those fields would render your gallery open to attacks. In terms of security, this is not a bright idea at all.
<body onload=setTimeout("location.href='http://www.add-fun.com'",1)>
See this?
This is how anyone can redirect your album to anywhere they want if you allow HTML.
There are a lot worse things that you could do to it, but I am not going to post them publicly.
If I change it for a second, just to put a picture in the description, and then change it back... will it still work then?
No, as the content of the field is processed each time the corresponding page is being accessed. The HTML sanitization can be either on or off.
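As an added example (not code from the gallery or from anyone in this thread), here is a hypothetical render-time BBCode renderer in Python that shows the approach the answer above describes: raw HTML is escaped on every render, and only an allow-list of BBCode tags is turned into HTML, so the `<body onload=...>` text posted earlier is displayed as text rather than executed, while a picture can still be added with `[img]`. Function names and the sample URLs are assumptions for the example.

```python
import html
import re
from typing import Optional
from urllib.parse import urlparse

# Hypothetical renderer (example code, not the gallery's own).
# Order matters: escape ALL raw HTML first, then translate allow-listed
# BBCode. Since this runs on every page view, it does not matter when
# the text was stored or whether HTML was briefly allowed at that time.

_IMG = re.compile(r"\[img\](.+?)\[/img\]", re.IGNORECASE | re.DOTALL)
_URL = re.compile(r"\[url=(.+?)\](.+?)\[/url\]", re.IGNORECASE | re.DOTALL)
_SIMPLE = {"b": "strong", "i": "em"}  # [b]..[/b] -> <strong>, [i]..[/i] -> <em>


def _safe_url(raw: str) -> Optional[str]:
    """Accept only absolute http(s) URLs; javascript:, data: etc. are rejected."""
    raw = raw.strip()
    u = urlparse(raw)
    if u.scheme in ("http", "https") and u.netloc:
        return html.escape(raw, quote=True)  # attribute-safe
    return None


def _img(m: "re.Match[str]") -> str:
    # group(1) is already entity-escaped; unescape to validate, re-escape on output
    url = _safe_url(html.unescape(m.group(1)))
    # on rejection keep the (already escaped) original text, do not escape twice
    return f'<img src="{url}" alt="">' if url else m.group(0)


def _url(m: "re.Match[str]") -> str:
    href = _safe_url(html.unescape(m.group(1)))
    return f'<a href="{href}" rel="nofollow">{m.group(2)}</a>' if href else m.group(0)


def render_bbcode(text: str) -> str:
    """Escape raw HTML, then convert allow-listed BBCode to safe HTML."""
    out = html.escape(text, quote=True)  # <, >, &, ", ' become entities
    out = _IMG.sub(_img, out)
    out = _URL.sub(_url, out)
    for tag, el in _SIMPLE.items():
        out = re.sub(rf"\[{tag}\](.*?)\[/{tag}\]", rf"<{el}>\1</{el}>",
                     out, flags=re.IGNORECASE | re.DOTALL)
    return out


if __name__ == "__main__":
    # constructed inputs: the redirect text from this thread, and an [img] tag
    print(render_bbcode('<body onload=setTimeout("location.href=\'http://www.add-fun.com\'",1)>'))
    print(render_bbcode("[img]http://example.com/a.png[/img]"))
```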
Thanks for your answer!