Security... | Forum

Bjorn Nov 8 '10
For example, in a profile comment.
Users can insert CSS, iframes and maybe more code.
This is a big security issue.
Can this be fixed?

Here is the file that checks input and output.

Bjorn Nov 8 '10
Users can also set multiple values when registering at the site.
This can be done by using Firebug.

Den (Team) Nov 8 '10
Quote from Bjorn

For example, in a profile comment.
Users can insert CSS, iframes and maybe more code.
This is a big security issue.
Can this be fixed?

Some weeks ago we tried to close this feature in profile comments on the wall.fm service, but we received very negative feedback from admins there, because people want to use HTML formatting and embed video in profile comments. And we decided to allow users to use HTML in comments, etc.

Quote from Bjorn

Users can also set multiple values when registering at the site.
This can be done by using Firebug.

Would you post more details? What are the multiple values?
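
Added example, not part of the thread and not Oxwall's code: a server-side allow-list sanitizer in Python showing how HTML formatting and video embeds can stay available in comments while CSS, attributes and arbitrary iframes are dropped. The tag list, the embed host list and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example, not Oxwall's actual rules.
ALLOWED_TAGS = {"b", "i", "em", "strong", "u", "p", "br", "ul", "ol", "li", "blockquote"}
DROP_WITH_CONTENT = {"style", "script"}   # the tag and everything inside it is discarded
EMBED_HOSTS = {"www.youtube.com", "player.vimeo.com"}   # hypothetical video allow-list
IFRAME = '<iframe src="%s" sandbox="allow-scripts allow-same-origin"></iframe>'

class CommentSanitizer(HTMLParser):
    """Rebuilds the comment from parser events; no input markup is copied through."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skipping = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping = True
        elif tag == "iframe":
            src = dict(attrs).get("src") or ""
            try:
                url = urlsplit(src)
                ok = url.scheme == "https" and url.hostname in EMBED_HOSTS
            except ValueError:          # malformed URL: treat as not allowed
                ok = False
            if ok:
                self.out.append(IFRAME % escape(src, quote=True))
        elif tag in ALLOWED_TAGS:
            self.out.append("<%s>" % tag)   # attributes (style=, on*=) are never emitted
            if tag != "br":                 # br is a void element, nothing to close
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = False
        elif tag in self.open_tags:
            while self.open_tags:       # close inner tags first to keep output balanced
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))

def sanitize_comment(html_text):
    parser = CommentSanitizer()
    parser.feed(html_text)
    parser.close()
    # Close anything left open so a comment cannot restyle the rest of the page.
    parser.out.extend("</%s>" % t for t in reversed(parser.open_tags))
    return "".join(parser.out)
```

The sanitizer has to run on the server when the comment is saved or rendered, because anything enforced only in the browser can be changed with a tool such as Firebug.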