SJ77 Posted May 17
I know HTML is sanitized but in theory couldn't this allow a clever person a way to inject malicious code? Just trying to understand the risks before I use this option.
Randy Calvert Posted May 17
Just adding that does not add risk. But the question becomes what you do with the data input by the user.
Marc Stridgen Posted May 17
We would not add options which allow the injection of malicious code in the software, other than items which should only be accessible by trusted people (posting HTML, editing templates, etc.).
SJ77 (Author) Posted May 17
5 hours ago, Marc Stridgen said:
> We would not add options which allow the injection of malicious code in the software, other than items which should only be accessible by trusted people (posting HTML, editing templates etc)
I am planning to allow people the option to post a URL containing an mp4 video file link. I will nest it in the right HTML for video player embed.
@Marc Stridgen I know you would not add options to allow malicious code. I was more concerned about misusing the option and inadvertently causing a risk. Wasn't sure if there were some guidelines for this feature or not. Better to be cautious now than sorry later. Thank you.
Marc Stridgen Posted May 18
There isn't really a set of guidelines for that, as it could be anything someone is adding, so the guidelines could only be to write secure code. If you are unsure on that, it would be best to contact a developer on this, rather than adding yourself. Generally, however, if you are adding things from a known vendor using their code, it will likely have been tested.