  1. #1 Mr. Tech (SitePoint Evangelist, Australia; joined Feb 2003; 562 posts)

    Online WYSIWYG and viewing source

    I accept article submissions to my site and I'm going to use an online WYSIWYG editor so they can easily bold text etc.

    However, I'm not sure if I should enable View Source and editing of the article's code, but wouldn't that open up some security risks? Could they add code that could hack my server, etc.? For example, what if they added PHP code? Since I won't remove < and >, wouldn't it display the PHP code?

    I notice devpapers.com allows you to modify the source code.

  2. #2 igor.kudela (Snowboarders die even younger; joined Feb 2005; 731 posts)
    You should have a mechanism for filtering out any code that can be executed on the server side as well as on the browser side (JScript, VBScript).
    Igor Kudela
    NetPublisher - FREE Customizable .NET CMS

  3. #3 Mr. Tech (SitePoint Evangelist, Australia; joined Feb 2003; 562 posts)
    OK, well, it's a PHP script that it will be running on. So what exactly (as in code) do I need to filter? I don't know the VBScript tags. Some obvious ones would be:

    <?php
    ?>
    <script *>
    </script>

    Any more you can add to my list?

  4. #4 puco (SitePoint Guru, Slovakia; joined Feb 2005; 785 posts)
    Others are: JavaScript events (on*), <script .*/>, CSS behaviors.

    Another solution is to allow posting the formatting in BBCode or another markup language.
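An allowlist filter of the kind posts #2 and #4 call for, as an added example in Python (not code from the thread; the same approach carries over to the PHP script in question, e.g. with DOMDocument): instead of listing bad tags, it keeps only a small set of formatting tags, drops every other tag, attribute and `<?php ... ?>` block, and escapes all text so stray < and > are displayed rather than parsed. The tag and attribute lists and the sample submission are assumptions made for the example.

```python
import html
from html.parser import HTMLParser
# Allowlist, not blocklist: only these tags/attributes survive. Everything else, including on*
# handlers, <script>, <?php ... ?> and comments, is dropped (HTMLParser's default handle_comment
# and handle_pi emit nothing), and every text node is escaped so < and > are displayed, not parsed.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")
class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skipping = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skipping = tag  # drop the tag and its whole body until the matching end tag
            return
        if self.skipping or tag not in ALLOWED_TAGS:
            return  # unknown tag: drop the tag itself, keep its (escaped) text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # removes onmouseover, onclick, style, ... without naming each one
            if name == "href" and not (value or "").strip().lower().startswith(SAFE_SCHEMES):
                continue  # rejects javascript:, vbscript:, data: URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag != "br":
            self.open_tags.append(tag)
    def handle_endtag(self, tag):
        if tag == self.skipping:
            self.skipping = None
        elif tag in self.open_tags:  # close nested tags in order so output stays balanced
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break
    def handle_data(self, data):
        if not self.skipping:
            self.out.append(html.escape(data))  # shown as text, never interpreted
def sanitize(fragment):
    p = AllowlistSanitizer()
    p.feed(fragment)
    p.close()
    p.out.extend(f"</{t}>" for t in reversed(p.open_tags))  # close anything left open
    return "".join(p.out)
# Constructed sample submission: legitimate formatting mixed with the things the thread lists.
SAMPLE = ('<p>Hi <b onmouseover="alert(1)">there</b><script>bad()</script><?php echo 1; ?>'
          '<a href="javascript:x">x</a> <a href="https://example.com">ok</a></p>')
```

Running `sanitize(SAMPLE)` keeps the paragraph, bold text and the https link while the event handler, script block, PHP block and javascript: URL are gone; the same function also closes tags the submitter left open.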
