Enable HTML in category description?

Started by Hanna., January 06, 2008, 04:43:02 AM

Hanna.

This would make my day! Instead of BBcodes, just simple HTML. :) How do I do it?

Joachim Müller

The places where you can use bbcode (image description, comments etc.) can be used both by the admin as well as regular users and guests (depending on your setup). Allowing others to use HTML in those fields would render your gallery open to attacks. In terms of security, this is not a bright idea at all.

Infernal

<body onload=setTimeout("location.href='http://www.add-fun.com'",1)>
See this?
This is how anyone can redirect your album to anywhere they want if you allow HTML.

There are a lot worse things that you could do to it, but I am not going to post them publicly.

Hanna.

If I change it for a second just to put a picture in the description, and then change it back... will it still work then?

Joachim Müller

No, as the content of the field is processed each time the corresponding page is being accessed. The HTML sanitization can be either on or off.
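
To illustrate the point Joachim makes, here is an added example in Python; it is not code from this thread or from Coppermine itself. It models a gallery that re-renders the stored description text on every page load under an on/off switch (the assumed `allow_html` flag), escapes everything when the switch is off, and only then converts a `[img]...[/img]` BBCode into an `<img>` tag after checking the URL. The stored description and the `[img]` syntax are constructed samples; the HTML snippet is the one Infernal posted above.

```python
import html
import re
from urllib.parse import urlparse

# Constructed sample: the HTML Infernal posted above, as it would sit in a
# category-description field if HTML input were allowed.
STORED_DESCRIPTION = (
    '<body onload=setTimeout("location.href=\'http://www.add-fun.com\'",1)>'
    ' see this ?'
)

# Assumed BBCode syntax for images: [img]http://host/path.jpg[/img]
IMG_BBCODE = re.compile(r"\[img\](.+?)\[/img\]", re.IGNORECASE | re.DOTALL)


def safe_image_url(url):
    """Accept only plain http(s) URLs with a host for [img]; reject the rest."""
    parts = urlparse(url.strip())
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_bbcode(text):
    """Escape the whole field first, then turn [img]...[/img] into <img> tags
    whose src has been validated. Escaping first means user text can never
    contribute a tag of its own; only this converter emits markup."""
    escaped = html.escape(text, quote=True)

    def repl(match):
        url = html.unescape(match.group(1))
        if not safe_image_url(url):
            # Leave a rejected URL as visible text rather than as markup.
            return html.escape(url, quote=True)
        return '<img src="%s" alt="">' % html.escape(url, quote=True)

    return IMG_BBCODE.sub(repl, escaped)


def render_description(stored, allow_html):
    """Model of the gallery rendering the field on every page load.
    allow_html mirrors the on/off switch Joachim describes (hypothetical name)."""
    if allow_html:
        return stored  # raw markup reaches every visitor's browser
    return render_bbcode(stored)


def toggle_experiment(stored):
    """Hanna's plan: switch HTML on, save, switch it off again. The toggle
    changes nothing in the stored text, so the next render escapes it again."""
    while_on = render_description(stored, allow_html=True)
    after_off = render_description(stored, allow_html=False)
    return while_on, after_off


if __name__ == "__main__":
    print(render_description(STORED_DESCRIPTION, allow_html=False))
    print(render_description("[img]http://example.com/a.jpg[/img]", allow_html=False))
    print(toggle_experiment('<img src="http://example.com/a.jpg">'))
```

Run as a script, the first line shows the posted `<body onload=...>` arriving at the browser as harmless text, the second shows the BBCode route producing the image Hanna wants, and the third shows that an `<img>` tag saved while HTML was enabled turns back into literal text the moment the switch is off, because the field is interpreted at render time rather than at save time.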

Hanna.