I was hoping to install this software on the boards I use, but security is of paramount concern. Can someone verify for me that taking out the source button will eliminate the possibility for users to input their own HTML?
Re: How do I disable the show HTML source button.
FCKConfig.ToolbarSets["Default"] = [
['Source','DocProps','-','Save','NewPage','Preview','-','Templates'],
['Cut','Copy','Paste','PasteText' .... etc
Simply remove the word 'Source' (including the comma and apostrophe).
Abbey
Re: How do I disable the show HTML source button.
That solved my problem. Once that is disabled, do you think people can still find a way to type in HTML code and make it work without typing it into the source code since that has been disabled?
Thanks again.
Re: How do I disable the show HTML source button.
Absolutely not, they won't only be able to forge the contents of the CKEditor instance simply using the browser, they can even add a breakpoint to your config file right after the point where you exclude the source button and manually add it back with a console command. So they will have the source button.
Security must be ALWAYS implemented server-side.