xss

Events happening in the community are now at Drupal community events on www.drupal.org.
sreedharprabhu.mca@gmail.com's picture

How to implement filters/validation in each and every input field throughout the application.

Posted by sreedharprabhu.... on March 15, 2012 at 9:01am

Hi,

How to implement filters/validation in each and every input field throughout the application?

Thanks,
Sree

Read more
4 comments1 attachment Categories: , , ,
sivaji_ganesh_jojodae's picture

Cross Site Scripting Security vulnerability in quiz

Posted by sivaji_ganesh_j... on November 10, 2011 at 7:40am

It came to our attention that quiz module is vulnerable to Cross Site Scripting attack. Now it has been fixed and a release was rolled out with necessary fixes. Upgrade your site to quiz version 6.x-4.3. See http://drupal.org/node/1336922 for details.

Read more
1 comment Categories: , ,
markus_petrux's picture

How to extend filter_xss() to parse style properties safely?

Posted by markus_petrux on October 18, 2008 at 9:00am

Hi all,

I hope this is a good place to talk about this subject.

WYSIWYG editors such as TinyMCE are great, but when it comes to provide a secure method to filter what such a tool allows to users, I have the feeling that Drupal core filters do not help much.

If we use Full HTML, then we can do anything with our great WYSIWYG editor, however this is no no solution if we need to allow WYSIWYG capabilities to users we cannot trust. So, Full HTML filter might only be a valid solution for personal sites, or sites where all contributors can be trusted 100%.

Read more
22 comments Categories: , , , ,
Subscribe with RSS Syndicate content