PEAK XOOPS - Re: TinyEditor and My Album 2.84

HOME | d3shop | piCal | myAlbum-P | Downloads | Forum | News | d3pipes | Sitemap | Repository |

| XOOPS Modules | XOOPS Hacks | Etc. | Comments |

Top > XOOPS Modules >myAlbum-P >TinyEditor and My Album 2.84

Re: TinyEditor and My Album 2.84

List posts in the topic

Re: TinyEditor and My Album 2.84

msg# 1.1.1.2.1.1

depth:: 5

Previous post - Next post | Parent - Children.1 | Posted on 2007/2/15 3:10

GIJOE

先任軍曹

Posts: 4110

Quote:

frankblack wrotes:
The big question is: if html is allowed, HOW it will be injected? Just by adding script-code into the wysiwyg-editor window?

You should learn POST data is independent from "form" (wysiwyg-editor window) completely.

Attackers can post malicious codes even via telnet.

Votes:9 Average:10.00

Posts tree

TinyEditor and My Album 2.84 (TopKnot, 2007/2/12 7:34)
- Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/13 4:12)
  - Re: TinyEditor and My Album 2.84 (frankblack, 2007/2/13 4:39)
    - Re: TinyEditor and My Album 2.84 (TopKnot, 2007/2/13 8:18)
      - Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/14 4:15)
    - Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/14 4:03)
      - Re: TinyEditor and My Album 2.84 (frankblack, 2007/2/14 7:09)
        
        Re: TinyEditor and My Album 2.84 (GIJOE, 2007/2/15 3:10)
        
        Re: TinyEditor and My Album 2.84 (yosha_01, 2007/7/31 2:50)
        
        Re: TinyEditor and My Album 2.84 (GIJOE, 2007/8/10 6:17)
        
        Re: TinyEditor and My Album 2.84 (yosha_01, 2007/8/12 8:14)
- Re: TinyEditor and My Album 2.84 (jayjay, 2008/6/19 21:54)

Login

Lost Password?

Register now!