Forum OpenACS Development: Re: Security parameters in kernel

Posted by Matthew Geddert on
I would add the following to that list:

H5 CITE TBODY

htmlarea sticks tbody into tables, so without it htmlarea tables are pretty useless. Cite is used to cite people and is expected by W3 "standards", and H5 since some people might want it. So if you are using htmlarea for tables it's pretty much needed. I will also list the ones I know are NOT good:

SRC

If you put this in there, people can do nasty things by posting non-existent images, and when a logged-in admin visits that page it does the bad stuff. Which means that an IMG tag can't be used. One way of fixing this is verifying that the link is a valid link to a photo in the photodb... but without image validation it can't be allowed.

I would remove:

OPTION SELECT

People won't be creating forms in htmlarea (hopefully). Tags such as FONT are only acceptable if we also allow a number of attributes (such as size, etc.). So if that is enabled you would also need to come up with a list of attributes we want to enable. htmlarea assumes you can enter cellpadding with its tables, so in order to have a "seamless" experience you would need to add a lot of attributes to this list.

htmlarea is a "beast" to deal with for a website that you want to follow standards of appearance. People assume they can copy and paste from Word, etc., and they can't, since those programs add various things such as style, class, and other not-allowable attributes. These attributes shouldn't be allowed since it would let users mess with the appearance of your site (which is also a security issue). And htmlarea doesn't remove not-allowed formatting out of the box the way people expect it to (i.e. like Word).

If you want, for example, to not allow users to use underline (which you don't have in your list, and I approve, since underline should only be used for links), copying and pasting from Word sometimes puts in unused (not visible) underlines that had been there but were deleted. I tell my users that if they need to post a Word document I need to do it (by cleaning it) and then they need to edit using only htmlarea. It would be really nice if we had a way of stripping code that isn't allowed away from somebody's post and giving them a preview of the output, after stripping it to what is allowed (or making "logical substitutes", i.e. a FONT size large could be converted to a STRONG).
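The post above describes a tag and attribute whitelist (H5, CITE and TBODY allowed; SRC, OPTION and SELECT not; STYLE and CLASS stripped; FONT size mapped to STRONG) and asks for a "strip and preview" step. The following is an added example of such a filter, written by the editor for illustration; it is not OpenACS's own kernel filter nor htmlarea code, and it is in Python rather than the Tcl OpenACS is written in. The tag and attribute sets are assumptions chosen to match the post, not the kernel's actual parameters. It also shows why SRC is dangerous: an IMG pointing at an admin-only URL is fetched by whoever views the page, which is exactly the "admin visits the page and it does the bad stuff" case the post warns about, so the filter drops IMG entirely and never emits a SRC attribute.

```python
"""Whitelist HTML sanitizer with a dropped-items audit log for a preview step.

Added example (not OpenACS or htmlarea code). Tag/attribute lists are
assumptions that mirror the forum post, not the real kernel parameters.
"""
from html import escape
from html.parser import HTMLParser

# Tags the post argues for (h5, cite, tbody) plus a minimal baseline.
ALLOWED_TAGS = {
    "p", "br", "strong", "em", "b", "i", "a", "ul", "ol", "li", "blockquote",
    "h1", "h2", "h3", "h4", "h5", "cite",
    "table", "thead", "tbody", "tr", "td", "th",
}
# Per-tag attribute whitelist. Deliberately no src, style or class anywhere.
ALLOWED_ATTRS = {
    "a": {"href", "title"},
    "table": {"cellpadding", "cellspacing", "border"},
    "td": {"colspan", "rowspan"},
    "th": {"colspan", "rowspan"},
}
# Elements whose contents are dropped along with the tag (forms, scripts).
DROP_CONTENT = {"script", "style", "select", "option", "form", "iframe", "object"}
# Elements that never get a closing tag; never pushed on the open-tag stack.
VOID_TAGS = {"br", "hr", "img", "input"}
SAFE_HREF_PREFIXES = ("http://", "https://", "mailto:", "/")


def _substitute(tag, attrs):
    """Return the tag to emit, or None to strip the tag (keeping its text).

    The post's "logical substitute": a FONT with a large size becomes STRONG;
    any other FONT loses its tag but keeps its contents.
    """
    if tag == "font":
        size = (attrs.get("size") or "").strip().lower()
        return "strong" if size in {"+1", "+2", "+3", "4", "5", "6", "7", "large"} else None
    return tag if tag in ALLOWED_TAGS else None


class WhitelistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []       # (source tag, emitted tag or None)
        self.skip_depth = 0   # > 0 while inside a DROP_CONTENT element
        self.dropped = []     # audit trail shown to the user in the preview

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            self.dropped.append(f"<{tag}> (with contents)")
            return
        if self.skip_depth:
            return
        attrs = {name: (value or "") for name, value in attrs}
        emit = _substitute(tag, attrs)
        if emit is None:
            self.dropped.append(f"<{tag}>")
            if tag not in VOID_TAGS:
                self.stack.append((tag, None))
            return
        kept = []
        for name, value in attrs.items():
            if name not in ALLOWED_ATTRS.get(emit, set()):
                self.dropped.append(f"{name}= on <{tag}>")
                continue
            # href is whitelisted on <a>, but only for safe schemes.
            if name == "href" and not value.strip().lower().startswith(SAFE_HREF_PREFIXES):
                self.dropped.append(f"href={value!r} on <{tag}>")
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{emit}{''.join(kept)}>")
        if emit not in VOID_TAGS:
            self.stack.append((tag, emit))

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if self.skip_depth or tag in VOID_TAGS:
            return
        # Pop back to the matching open tag, closing anything left open above it.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                for _, emitted in reversed(self.stack[i:]):
                    if emitted:
                        self.out.append(f"</{emitted}>")
                del self.stack[i:]
                return
        # A stray closing tag with no matching open tag is simply ignored.

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        self.dropped.append("<!-- comment -->")  # Word pastes are full of these

    def result(self):
        """Close anything still open so the output is always balanced."""
        for _, emitted in reversed(self.stack):
            if emitted:
                self.out.append(f"</{emitted}>")
        self.stack.clear()
        return "".join(self.out)


def sanitize(html):
    """Return (clean_html, dropped_items): the preview and what was stripped."""
    parser = WhitelistSanitizer()
    parser.feed(html)
    parser.close()
    return parser.result(), parser.dropped
```

The returned list of dropped items is what the post's preview would show the user ("your Word paste lost a STYLE attribute and two comments"). Note that the filter keeps the text inside a stripped FONT or U but throws away everything inside SELECT, SCRIPT and the other form-and-code elements, since their contents are never legitimate post text.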