| Author |
 Topic Search  Topic Options
|
Vaseline 
Groupie
Joined: 03 May 2003
Status: Offline
Points: 66
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: WYSIWYG HTML Editor
Posted: 11 May 2003 at 9:55pm |
I have turned off the WYSIWYG HTML Editor thing, but dont see a big difference. How can one turn of the possibility to change font, size, colour, including pictures and all that jive? Or even better choose what abilities should be a part of editor and what not?
Edited by Vaseline
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 12 May 2003 at 4:04am |
Both editors allow the use of changing fonts, colours etc. the only way around this is to edit the files directly and remove these parts.
The files are:-
IE_message_form_inc.asp
message_form_inc.asp
|
|
|
|
headshot_001
Newbie
Joined: 20 May 2003
Status: Offline
Points: 2
|
Post Options
Thanks(0)
Quote Reply
Posted: 20 May 2003 at 9:03pm |
|
I have been lead to believe that if you have this type
of function, it allows a user to submit *malicious*
code. If this is the case, is it possible to turn it off by
doing what you have mentioned in tis previous post?
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2003 at 1:48am |
You can turn off the WYSIWYG Editor in the admin area.
There are filters in place that filter out malicious code from posts.
|
|
|
|
headshot_001
Newbie
Joined: 20 May 2003
Status: Offline
Points: 2
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2003 at 2:18am |
|
Is this the section you are referring to?
<snip>
WYSIWYG HTML Editor for Windows IE 5+
This is the type of editor you use to post messages if
you are a Windows IE5+ user. If you turn this function
off everyone will use the Basic message editor.
If you want greater security turn this feature off, but
you will lose functionality.
</snip>
If so, then I have it already switchd to *off* - and it is
still appearing?!
When you say there is filters, what do they do? Do
they strip out particular tags etc?
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2003 at 2:36am |
If you turn off the WYSIWYG editor you have a basic editor instead, the basic editor uses forum codes eg. [B][/B] for bold.
This means that the user input is strickly controlled as HTML can not be placed directly in posts and forum codes need to be used instead to format text.
The filters strip malicious codeusing filters that removes or encodes anything that could be used for malicious code, eg. JavaScript, VbScript, certain HTML and CSS tags, etc. are all removed from the post. This prevents malicious code such as cross site scripting, SQL injections, etc. being placed into posts.
|
|
|
|
hans3702
Mod Builder Group
Joined: 23 March 2003
Location: Netherlands
Status: Offline
Points: 141
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2003 at 4:22am |
Hi BoRg, can you or some else give me a hint how to dasable the filter for posing made bij the administator?
I think is just one call to a function someware but I haven;t found it jet.
|
|
robert2504
Newbie
Joined: 08 March 2002
Location: United States
Status: Offline
Points: 29
|
Post Options
Thanks(0)
Quote Reply
Posted: 21 May 2003 at 2:27pm |
|
Is it possible to allow the Administrator to post HTML Code and not allow the rest of the users?
|
|
