Drupal Security Question

Hey folks, new here and I have a question for those of you who have the FCK editor on a Drupal site.

If I have the input filters for users set to Filtered HTML and then I have the allowed tags as:

<a> <embed> <object> <em> <strong> <u> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <sub> <sup> <strike> <blockquote> <hr> <br>

will these drupal filters keep users from being able to post code that is not allowed if I give them access to the Source Code option in the FCK editor or will the FCK editor over ride my drupal input filters?

Obviously I don't want users to be able to post anything besides the above mentioned code but I also need them to be able to use the Source Code button so that youtube clips and other such streaming video can be posted in their posts. Any help would be appreciate.

Mon, 10/01/2007 - 10:01

wiktor

Joined: 16/07/2007

Posts: 1641

Re: Drupal Security Question

FCKeditor plugin does not override Drupal settings.
Although users can type anything they want inside FCKeditor (via Source Code option), before saving data Drupal will strip all denied tags.
You may extend your list to:

<a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite><embed> <object><strike>

Wiktor Walc
CTO, CKSource - http://cksource.com
--
Follow CKEditor on: Twitter | Facebook | Google+

Mon, 10/01/2007 - 14:52

swoopnstash

Joined: 30/09/2007

Posts: 9

Re: Drupal Security Question

Thank you so much. FCK editor is the first one I've tried of the three big editors that has worked practically out of the box with my drupal input format settings without some sort of side issue or not getting past the input format settings.

Thank you for responding. I greatly appreciate it.

Thu, 10/04/2007 - 02:23

ambush commander

Joined: 04/10/2007

Posts: 2

Re: Drupal Security Question

You may be interested in this Drupal module, which integrates HTML Purifier with Drupal and allows for much more comprehensive HTML filtering.

Wed, 10/24/2007 - 08:41

swoopnstash

Joined: 30/09/2007

Posts: 9

Re: Drupal Security Question

I've installed FCK, am using the editor with the the following input tags as that's all the space I have in the default input tags space (I haven't had a chance to try the other filters you've advised. So far the only issue I've had a problem with right or left aligning images and having horizontal and verticile space keep the posts text away from the images. I'm almost positive it has to do with the tags because when I'm in edit mode there is the proper space between the images and the text.

These are the tags I'm using

<a> <p> <p/> <span> <div> <h1> <h2> <img> <img/> <center> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite><embed> <object> <strike>

Thu, 10/25/2007 - 09:10

wiktor

Joined: 16/07/2007

Posts: 1641

Re: Drupal Security Question

Could you post some screenshots of what isn't displaying properly?
Btw. http://i241.photobucket.com/albums/ff17 ... wb0001.jpg is not an image file, it points to HTML site.

Wiktor Walc
CTO, CKSource - http://cksource.com
--
Follow CKEditor on: Twitter | Facebook | Google+

Thu, 10/25/2007 - 22:31

swoopnstash

Joined: 30/09/2007

Posts: 9

Re: Drupal Security Question

lol.....yeah, I had removed the actual image from the code since I figured it was an example. Here however is what I am seeing.

Before I Publish a Story:

After I Publish a Story:

Since it appears correctly before I publish I can only assume that's it has something to do with Input Filter Conflicts