WYSIWYG editors Vs. Security [XOOPS general usage questions]

WYSIWYG editors Vs. Security

2006/8/29 23:04
phreak_phy
Just popping in
Posts: 14
Since: 2006/1/27

The problem I have with WYSIWYG editors is that HTML has to be enabled in the forum it is being used in. In doing so I open my site up to many XSS attacks. Is there a way to have WYSIWYG without HTML enabled (WYSIWYG BBcode?), or a way to prevent XSS attacks when HTML is enabled?

I want the best of both worlds, but exposing myself to XSS attacks is not an option.

Re: WYSIWYG editors Vs. Security

2006/8/29 23:12
WarDick
Just can't stay away
Posts: 890
Since: 2003/9/13

Right now the only solution is to limit access to the WYSIWYG to trusted user.

Here is an article about the possible development at GIJoes Website.

Urging XOOPS to be the Best It Can Be.
Richard......

Re: WYSIWYG editors Vs. Security

2006/8/30 2:42
phreak_phy
Just popping in
Posts: 14
Since: 2006/1/27

Well, how does IPB or vB do it?

Instead of a WYSIWYG BBcodeeditor, couldnt we just have some hefty text sanitization?

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

WYSIWYG editors Vs. Security

Re: WYSIWYG editors Vs. Security

Re: WYSIWYG editors Vs. Security

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}