PEAK XOOPS - Re: TinyEditor and My Album 2.84

Top > XOOPS Modules >myAlbum-P >TinyEditor and My Album 2.84

Re: TinyEditor and My Album 2.84

List posts in the topic

Re: TinyEditor and My Album 2.84

msg# 1.1.1.2.1

depth:: 4

Previous post - Next post | Parent - Children.1 | Posted on 2007/2/14 7:09

frankblack 二等兵

Posts: 8

Quote:

I cannot understand it.
What's the evil?

German humour, hard to understand...

Maybe you have a bit time to give me deeper knowledge. The big question is: if html is allowed, HOW it will be injected? Just by adding script-code into the wysiwyg-editor window? In this case tinymce will escape it. Let's assume you are allowed to switch to html-view. There of course you can add script-code. This time the script portion will be stripped, because it is not on the whitelist.

Maybe you want to have a look at http://tinymce.moxiecode.com/example_full.php?example=true and try to add a form or a script.

This is what I meant with client-side sanitizing.

Votes:2 Average:10.00

Posts tree

TinyEditor and My Album 2.84 (TopKnot, 2007/2/12 7:34)
- Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/13 4:12)
  - Re: TinyEditor and My Album 2.84 (frankblack, 2007/2/13 4:39)
    - Re: TinyEditor and My Album 2.84 (TopKnot, 2007/2/13 8:18)
      - Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/14 4:15)
    - Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/14 4:03)
      - Re: TinyEditor and My Album 2.84 (frankblack, 2007/2/14 7:09)
        
        Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/15 3:10)
        
        Re: TinyEditor and My Album 2.84 (yosha_01, 2007/7/31 2:50)
        
        Re: TinyEditor and My Album 2.84 (GIJOE, 2007/8/10 6:17)
        
        Re: TinyEditor and My Album 2.84 (yosha_01, 2007/8/12 8:14)
- Re: TinyEditor and My Album 2.84 (jayjay, 2008/6/19 21:54)

Lost Password?

Register now!