Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: phranque
I was wondering about <OBJECT> tags, though. Does anyone see any security issues with allowing these? I know media players use them, but I don’t know much else about them, or if they could be used in a negative way…
And while we’re at it, are there any other html tags I need to be careful with?
is a bad idea as it can be used in a similar fashion to an
- ie. to include third-party content on your page.
If this is a completely open wiki, then you should consider very carefully whether you allow HTML at all - are you sure that the usual BBcodes won't do?
I do have one site which allows the insertion of HTML, my list of allowed elements is:
What I'm actually doing is this: I've set up the TinyMCE editor, which allows visitors to design pages in a WYSIWYG interface and then grab the html code for it and paste it into the wiki page. So it's not like the people themselves are writing the html tags. This means I have to allow all the basic html tags that TinyMCE produces.
So far I'm allowing these tags, and I'm adding new ones as they come up:
<em><blockquote><ul><div><li><ol><center><h1 thru h4><br><span>
Do you see a problem with any of these?
It would be wonderful if there were a WYSIWYG editor that spit out wiki code, but I haven't found anything like that.
then anyone could insert hidden text in a
- so unless you check the source code you won't see the hidden spam links. :)