Forum OpenACS Q&A: Re: htmlArea ad_form

4: Re: htmlArea ad_form (response to 1)
Posted by xx xx on
The restriction is that you call <master> or at least <master src=/www/blank-master> in your page.

You also need to define rows/cols, which wasn't obvious to me.

There is a parameter UseHtmlAreaForRichtextP in acs-templating that will turn all richtext-textareas into htmlareas by default.

The "B I U links" of the richtext widget remain visible AFAIK.

I guess it is not safe to allow users access to all functions that are offered by htmlarea (hyperlinks/IMG/HTMLsource), or is OpenACS' check for valid tags/attributes considered sufficient?

5: Re: htmlArea ad_form (response to 4)
Posted by Jade Rubick on
If you allow the IMG tag in acs-kernel, you're opening things up to a security risk, but that may be alleviated somewhat by a new package called sudo, that Barry's developing.

Check your acs-kernel parameters and if you're not allowing * or IMG, you're fine, I think.