Joomla Extensions by Joomdonation

iFrame tags stripped from event details

  • Mark Evans
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
6 years 11 months ago #97855 by Mark Evans
Replied by Mark Evans on topic iFrame tags stripped from event details
James, Tuan,

Just to clarify, this change will not allow people signing up to events to put iFrames or other XSS attempts into the signup forms will it?

Regarding iFrames, I was using the standard media button in TinyMCE, so if Joomla doesn't want to support iFrames, it seems very strange to me to allow the main default editor to support iFrames for embedding media.

What other options are there that embeds within tinyMCE that allows non iFrame youtube embedding? I'm trying to keep things as simple as possible for my editors as they are not developers or code literate.

Please Log in or Create an account to join the conversation.

More
6 years 11 months ago #97880 by Tuan Pham Ngoc
Replied by Tuan Pham Ngoc on topic iFrame tags stripped from event details
Hello Mark

This change is included in latest version 2.14.4, so you don't have to worry about it when you update to future releases of the extension

For your question, this change is only applied to submit event form, not event registration form, so you don't have to worry about it

Also, even for submission form, only users with super admin permission can post these tags. For standard Registered users for example, if they try to submit event, these tags will also be stripped

Tuan

Please Log in or Create an account to join the conversation.

Moderators: Tuan Pham Ngoc

Support

Documentation

Information

Copyright © 2024 Joomla Extensions by Joomdonation. All Rights Reserved.
joomdonation.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.

Connect Us