IS there a security risk to adding a custom button to your editor with "option" enabled

[SJ77]

I know html is sanitized but in theory couldn't this allow a clever person a way to inject malicious code? Just trying to understand the risks before I use this option

[Randy Calvert]

Just adding that does not add risk.  But the question becomes what you do with the data input by the user. 

[Marc Stridgen]

We would not add options which allow the injection of malicious code in the software, other than items which should only be accessible by trusted people (posting HTML, editing templates etc)

[SJ77]

5 hours ago, Marc Stridgen said:

We would not add options which allow the injection of malicious code in the software, other than items which should only be accessible by trusted people (posting HTML, editing templates etc)

I am planning to allow people the option to post a url containing an mp4 video file link. I will nest it in the right html for video player embed.

@Marc Stridgen I know you would not add options to allow malicious code. I was more concerned about misusing the option and inadvertently causing a risk. Wasn't sure of there were some guidelines for this feature or not. Better to be cautious now than sorry later.

Thank you

[Marc Stridgen]

There isnt really a set of guidelines for that, as it could be anything someone is adding, so the guidelines could only be to write secure code. If you are unsure on that, it would be best to contact a developer on this, rather than adding yourself. Generally however, if you are adding things from a known vendor using their code, it will likely have been tested.