Forum OpenACS Q&A: Re: Edit-this-page and FORMs

Posted by Eric Wolfram on
I think this is a security risk. They don't allow image tags or even tags like in the etp either. I'm not sure why it's a security risk... if someone gets admin privileges to acs then they could add an image or form that does nasty things to the server perhaps? Any comments or pointers to info on why etp doesn't allow certain HTML tags?

I certainly would like to allow privileged users to add image tags to some etp pages on a travel site I'm doing!
e

Posted by Peter Holzleitner on
The tags you believe "they" don't allow can be configured - look at the AllowedTag parameter of the OACS Kernel.

To repeat: That is not my problem, and I understand about security but NEED to have forms there. Yes, I also understand how to create a page outside ETP and refer to this, but that's a very lame workaround - it HAS to work from within ETP.