Opened 14 years ago

Closed 14 years ago

#4263 closed Bug (wontfix)

XSS Attack

Reported by: jihua Owned by:
Priority: Normal Milestone: FCKeditor 2.6.5
Component: General Version:
Keywords: Cc:


Hi guys , Our site is using FCKEditor , there are some risk with the source code, we added some filters in the server site:<(/?)(script|i?frame|html|link|meta|head)([>]*?)>");(<[>]*)(on[a-zA-Z]+
but still can't filter all ,such as the embed video , can anyone help me out , just let "Youbtobe" video allowed to pass.

Change History (1)

comment:1 Changed 14 years ago by Garry Yao

Resolution: wontfix
Status: newclosed

Sorry but have to say that we don't provide protection to XSS with our editor, since things related to this is always of a lot of choices and decisions, FYI, tools like [htmlpurifier] could be adapted to achieve this.

Note: See TracTickets for help on using tickets.
© 2003 – 2022, CKSource sp. z o.o. sp.k. All rights reserved. | Terms of use | Privacy policy