Home
The Toolkit for Online Communities
17103 Community Members, 1 member online, 2115 visitors today
Log In Register
OpenACS Home : Forums : OpenACS Q&A : Switching from ACS3.2 to OACS4.6 : i'm a bit disoriented. : One Message

Forum OpenACS Q&A: Re: Switching from ACS3.2 to OACS4.6 : i'm a bit disoriented.

1 - I'd love to know the answer to that question as well. Especially where to store addresses and stuff like that. Somebody posted the same question a few weeks ago but unfortunately no one answered.

2 - its in user_preferences now

3 - If you allow <script> tags in user inputted html code then you're open to all sorts of cross site scripting tags. There is a parameter setting that allows you to list the allowed tags for user input: sitemap -> acs-kernel -> All. This changes the allowed input for the whole installation. It might make sense though to only change this for the adserver module, in this case you have to find ad_page_contract of the page that checks that input and change the filter from :html to :allhtml.

Maybe that would make sense as standard behaviour, e.g. admins may post any html in adserver, others just restricted. Feel free to post bug in bugtracker.