Forum OpenACS Development: Re: html filtering

6: Re: html filtering (response to 5)
Posted by Tilmann Singer on
Either change html to allhtml on every page or you could try hacking the ad_page_contract_filter_rule_proc_html proc in packages/acs-tcl/tcl/tcl-documentation-procs.tcl to allow any html on your site. That'd be easier since it would be a change in only one place.

I hope it is clear though that although your system is probably sufficiently protected from attackers from the outside world, these modifications open it up to CSRF attacks from internal users, e.g. one user could steal all the private data from all the other users.