ad_page_contract_filter_proc_general_comments_safe (public)

 ad_page_contract_filter_proc_general_comments_safe name value_varname

Defined in packages/general-comments/tcl/general-comments-procs.tcl

Safety checks for content posted in a comment. These checks are package-specific, because content we may allow in other packages, e.g. via the AllowedTag parameter in acs-kernel, should not be allowed here.

Parameters:
name (required)
value_varname (required)

Partial Call Graph (max 5 caller/called nodes):
ad_page_contract_filter_proc_general_comments_safe -> _ (public)
ad_page_contract_filter_proc_general_comments_safe -> ad_complain (public)
ad_page_contract_filter_proc_general_comments_safe -> ad_dom_sanitize_html (public)

Testcases:
No testcase defined.
Source code:
    upvar $value_varname value

    #
    # We do not allow iframes or frames
    #
    if {[regexp -nocase {<(iframe|frame)} $value]} {
        ad_complain [_ acs-tcl.lt_name_contains_invalid]
        return 0
    }

    #
    # We do not allow any javascript in the content, including
    # event handlers.
    #
    if {![ad_dom_sanitize_html \
              -allowed_tags * \
              -allowed_attributes * \
              -allowed_protocols * \
              -html $value \
              -no_js \
              -validate]} {
        ad_complain [_ acs-tcl.lt_name_contains_invalid]
        return 0
    }

    return 1
Generic XQL file:
packages/general-comments/tcl/general-comments-procs.xql

PostgreSQL XQL file:
packages/general-comments/tcl/general-comments-procs-postgresql.xql

Oracle XQL file:
packages/general-comments/tcl/general-comments-procs-oracle.xql
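
Added example (not part of the general-comments package): plain Tcl that replays only the first check from the source above against constructed comment bodies, to show what the unanchored, case-insensitive pattern accepts and rejects. check_frames is a hypothetical helper name; the second check depends on OpenACS's ad_dom_sanitize_html and is not reproduced here.

```tcl
# Added example: runs in a plain tclsh, no OpenACS installation required.
# check_frames is a hypothetical name; it returns 1 when the value passes
# the frame check and 0 when the filter would call ad_complain.
proc check_frames {value} {
    # Same pattern and -nocase flag as the filter source.
    return [expr {![regexp -nocase {<(iframe|frame)} $value]}]
}

# Constructed sample comment bodies (label, body); none come from real data.
# Things to observe when running this:
#  - matching ignores case, so mixed-case tag names are caught;
#  - the pattern is a prefix match, so any tag name that begins with
#    "frame" (frameset, or a literal "<framework>" typed in prose) is
#    treated the same way as <frame>;
#  - entity-escaped markup contains no literal "<" and is left to the
#    second check.
set samples {
    plain_text    {Nice picture frame!}
    iframe_lower  {<iframe src="https://example.invalid/"></iframe>}
    iframe_mixed  {<IFrame SRC="https://example.invalid/">}
    frameset      {<frameset cols="50%,50%">}
    prose_tagname {Use the <framework> placeholder here}
    escaped       {&lt;iframe&gt; is not allowed}
}

foreach {label body} $samples {
    set verdict [expr {[check_frames $body] ? "accepted" : "rejected"}]
    puts [format "%-14s %-9s %s" $label $verdict $body]
}
```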
