[support] How to have format default to paragraph - tinyMCE

Jody Cleveland cleveland at winnefox.org
Wed Feb 21 13:53:08 UTC 2007


> I sometimes wonder why we even bother doing <http://drupal.org/security>.
> 
> Unless you are the only user posting on the site, setting Full HTML as the
> default input format is both 1) the easy way out and 2) insecure.
> 
> 1. You can simply investigate which tags are needed and add those to the HTML
> filter.
> 
> 2. Insecure, because you allow all users to execute cross site scripting
> attacks.

Ideally, it'd be nice if comments could have their own input format. With
the authors of the site, I need them to be able to put in HTML.
With commenters, all I want them to do is plain text.

- jody