[support] How to have format default to paragraph - tinyMCE

Victor Kane victorkane at gmail.com
Tue Feb 20 17:37:37 UTC 2007


Absolutely, the proper solution is to add in to the filtered HTML input
filter those tags which are secure and absolutely indispensable.

Very important point.

Victor Kane
http://awebfactory.com.ar

On 2/20/07, Heine Deelstra <hdeelstra at gmail.com> wrote:
>
> Victor Kane wrote:
> > You must either change the default input filter to full html, or else
> > edit the off-the-shelf default "filtered html" to include the basic tags
> > users create with tinyMCE.
>
> I sometimes wonder why we even bother doing <http://drupal.org/security>.
>
> Unless you are the only user posting on the site, setting Full HTML as the
> default input format is both 1) the easy way out and 2) insecure.
>
> 1. You can simply investigate which tags are needed and add those to the HTML
> filter.
>
> 2. Insecure, because you allow all users to execute cross site scripting
> attacks.
>
> Regards,
>
> Heine
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
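
The tag allowlist idea from the quoted reply, as an added sketch (not part of the original thread and not Drupal's own filter code): only listed tags survive, every attribute is dropped, and all text is re-escaped. The tag list, the names and the sample input are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: basic markup a rich-text editor such as tinyMCE emits.
ALLOWED_TAGS = {"p", "br", "strong", "em", "ul", "ol", "li", "blockquote"}
VOID_TAGS = {"br"}                 # emitted without a closing tag
DROP_CONTENT = {"script", "style"}  # tag AND its text content are discarded


class AllowlistFilter(HTMLParser):
    """Rebuilds markup from parsed events instead of editing the input string."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attrs ignored: no on*, style, href

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # text can never become markup


def filter_html(markup):
    """Return markup reduced to ALLOWED_TAGS; comments and unknown tags vanish."""
    parser = AllowlistFilter()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


# Constructed sample: editor output with unwanted script content mixed in.
SAMPLE = ('<p onclick="alert(1)">Hello <strong>world</strong></p>'
          "<script>alert(1)</script><img src=x onerror=alert(1)><br />")

if __name__ == "__main__":
    print(filter_html(SAMPLE))
```

Under Full HTML the sample would reach other users' browsers unchanged; here the paragraph formatting survives and the rest does not. An unclosed `<script>` leaves `skip_depth` raised, so everything after it is dropped rather than passed through.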