CKEditor 4
Sun, 09/30/2007 - 17:47
#1
swoopnstash
swoopnstash's picture
Joined: 30/09/2007
Posts: 9

Drupal Security Question

Hey folks, new here and I have a question for those of you who have the FCK editor on a Drupal site.

If I have the input filters for users set to Filtered HTML and then I have the allowed tags as:
<a> <embed> <object> <em> <strong> <u> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <sub> <sup> <strike> <blockquote> <hr> <br>
will these drupal filters keep users from being able to post code that is not allowed if I give them access to the Source Code option in the FCK editor or will the FCK editor over ride my drupal input filters?

Obviously I don't want users to be able to post anything besides the above mentioned code but I also need them to be able to use the Source Code button so that youtube clips and other such streaming video can be posted in their posts. Any help would be appreciate.
Top
Mon, 10/01/2007 - 10:01
wiktor
wiktor's picture
Joined: 16/07/2007
Posts: 1641

Re: Drupal Security Question

FCKeditor plugin does not override Drupal settings.
Although users can type anything they want inside FCKeditor (via Source Code option), before saving data Drupal will strip all denied tags.
You may extend your list to:

<a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite><embed> <object><strike>

Wiktor Walc
CTO, CKSource - http://cksource.com
--
Follow CKEditor on: Twitter | Facebook | Google+

Top
Mon, 10/01/2007 - 14:52
swoopnstash
swoopnstash's picture
Joined: 30/09/2007
Posts: 9

Re: Drupal Security Question

Thank you so much. FCK editor is the first one I've tried of the three big editors that has worked practically out of the box with my drupal input format settings without some sort of side issue or not getting past the input format settings.

Thank you for responding. I greatly appreciate it.
Top
Thu, 10/04/2007 - 02:23
ambush commander
ambush commander's picture
Joined: 04/10/2007
Posts: 2

Re: Drupal Security Question

this Drupal module
Top
Wed, 10/24/2007 - 08:41
swoopnstash
swoopnstash's picture
Joined: 30/09/2007
Posts: 9

Re: Drupal Security Question





<a> <p> <p/> <span> <div> <h1> <h2> <img> <img/> <center> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite><embed> <object> <strike>




<p><img width="200" vspace="2" hspace="5" height="150" align="left" src="http://i241.photobucket.com/albums/ff175/image/wb0001.jpg" alt="" />I want to test this out to see how it works.</p>
Top
Thu, 10/25/2007 - 09:10
wiktor
wiktor's picture
Joined: 16/07/2007
Posts: 1641

Re: Drupal Security Question


http://i241.photobucket.com/albums/ff17 ... wb0001.jpg

Wiktor Walc
CTO, CKSource - http://cksource.com
--
Follow CKEditor on: Twitter | Facebook | Google+

Top
Thu, 10/25/2007 - 22:31
swoopnstash
swoopnstash's picture
Joined: 30/09/2007
Posts: 9

Re: Drupal Security Question





Image



Image

Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check