Hi,
A blacklist is very hard to do. You can also bypass this filter by using <a href="javascript:evil_function()"> or <a onclick="evilfunction"> and many, many more. It would be impossible to catch them all, because every system that has tried to do so has had bugs in the past. So, IOW, you're ...
Search found 4 matches
- Wed Sep 06, 2006 4:11 am
- Forum: General discussions
- Topic: WYSIWYG in comments
- Replies: 6
- Views: 3131
- Mon Sep 04, 2006 9:50 pm
- Forum: General discussions
- Topic: WYSIWYG in comments
- Replies: 6
- Views: 3131
Re: WYSIWYG in comments
Absolutely. Allowing HTML introduces all sort of JavaScript injection, which can lead to cookie disclosure, password disclosure and web defacement. Thank you for responding. I am not too fluent on this issue, so if you could bear with me just a little more, I have a couple of extension questions on ...
- Mon Sep 04, 2006 6:21 pm
- Forum: General discussions
- Topic: WYSIWYG in comments
- Replies: 6
- Views: 3131
WYSIWYG in comments
WYSIWYG usage in articles is nice to have, though I --as the article writer-- can easily make do without it.
Since it is the authors that get to use it, there's easily much more capable alternatives --OpenOffice, Nvu etc-- which means you can simply copy paste from them to s9y.
And, face it, for ...
Since it is the authors that get to use it, there's easily much more capable alternatives --OpenOffice, Nvu etc-- which means you can simply copy paste from them to s9y.
And, face it, for ...
- Sun Sep 03, 2006 11:59 pm
- Forum: Installation
- Topic: Download Beta 1.1
- Replies: 4
- Views: 2820