Conditional remove of XSS

digitalphotoworld
User
Posts: 416
Location: Nürnberg/Germany

Post by digitalphotoworld »

Please add an option (simple checkbox) to disable the removal of XSS in field setup. Sometimes it is necessary that fields contain code snippets. At the moment it is only possible to switch it on/off for the whole project.


Webmaster
User
Posts: 9425

Post by Webmaster »

It is not recommended to disable removing XSS for security reasons. If you just want to allow some tags, you can use the Page_Load (for a table only) or Page_Loading (for all tables) server event (see Server Events and Client Scripts in the help file) to remove some items from $EW_XSS_ARRAY, e.g. if you want to allow the "embed" and "object" tags:

// Inside the server event: drop "<embed" and "<object" from the XSS blocklist
global $EW_XSS_ARRAY;
$EW_XSS_ARRAY = array_diff($EW_XSS_ARRAY, array("<embed", "<object"));
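
The following is an added example, not part of the original post and not the generated project's own code. It shows the effect of the `array_diff` call above when it is applied for one table only, with the rest of the blocklist still enforced. The shortened list, `demo_remove_xss`, `blocklist_for` and the table names are assumptions made for illustration.

```php
<?php
// Constructed, shortened stand-in for the project's $EW_XSS_ARRAY.
$EW_XSS_ARRAY = array("javascript", "<script", "<embed", "<object", "<iframe", "onload");

// Hypothetical simplified filter (not the project's own remover): breaks each
// blocklisted token by inserting "<x>" after its second character.
function demo_remove_xss($val, array $blocklist)
{
    foreach ($blocklist as $token) {
        $pattern = '/' . preg_quote($token, '/') . '/i';
        $val = preg_replace_callback($pattern, function ($m) {
            return substr($m[0], 0, 2) . '<x>' . substr($m[0], 2);
        }, $val);
    }
    return $val;
}

// Constructed table names: only "snippets" may keep <embed> and <object>.
$allowTagsFor = array("snippets" => array("<embed", "<object"));

// Same array_diff as in the post, applied only for tables listed above.
function blocklist_for($table, array $base, array $allow)
{
    $drop = isset($allow[$table]) ? $allow[$table] : array();
    return array_values(array_diff($base, $drop));
}

// Constructed input mixing an allowed tag with markup that must stay filtered.
$input = '<object data="movie.swf"></object><script>alert(1)</script>';

foreach (array("snippets", "customers") as $table) {
    $list = blocklist_for($table, $EW_XSS_ARRAY, $allowTagsFor);
    echo $table, ': ', demo_remove_xss($input, $list), "\n";
}
```

In this sketch the relaxed list applies to every value filtered for the "snippets" table, not to a single field, so it narrows the scope to a table rather than giving a per-field switch.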

