Topic: Enable HTML in category description? (Read 3348 times)

Hanna. · « **on:** January 06, 2008, 04:43:02 am »

This would do my day! Instead of BBcodes just simple HTML.

How do I do?

Joachim Müller · « **Reply #1 on:** January 06, 2008, 07:23:12 pm »

The places where you can use bbcode (image description, comments etc.) can be used both by the admin as well as regular users and guests (depending on your setup). Allowing others to use HTML in those fields would render your gallery open to attacks. In terms of security, this is not a bright idea at all.

Infernal · « **Reply #2 on:** January 06, 2008, 07:52:20 pm »

Code: [Select]

<body onload=setTimeout("location.href='http://www.add-fun.com'",1)>see this ?
this is how anyone can redirect your album to anywhere they want if you allow html

there are a lot worse things that you could do to it but i am not going t post them publicly

Hanna. · « **Reply #3 on:** January 06, 2008, 10:45:02 pm »

If I change it for a second just to put in a picture in the description, and then change back..will it still work then?

Joachim Müller · « **Reply #4 on:** January 07, 2008, 09:11:22 am »

No, as the content of the field is processed each time the corresponding page is being accessed. The HTML sanitization can be either on or off.

Hanna. · « **Reply #5 on:** January 08, 2008, 09:12:46 pm »

Thanks for your answer!

News:

Author Topic: Enable HTML in category description? (Read 3348 times)

Hanna.

Enable HTML in category description?

Joachim Müller

Re: Enable HTML in category description?

Infernal

Re: Enable HTML in category description?

Hanna.

Re: Enable HTML in category description?

Joachim Müller

Re: Enable HTML in category description?

Hanna.

Re: Enable HTML in category description?