
HTML Editor

Is there any way that I can use an HTML editor in addition to the default one? I want to use iframes inside my discussions and embed other files like swf etc.

Comments

  • vrijvlinder Papillon-Sauvage MVP

    You can't use both at the same time; however, sometimes if the browser does not support it, it will default to the standard one.

  • Allowing iframes in discussions is not good security.

    The only iframes you should ever allow are ones where you parse something and replace it with a specific trusted function which happens to load in an iframe, like some YouTube videos.

    Again, just allowing swf files is bad security. Again, it needs to be abstracted to a trusted source.

    Editors and formatters are two different things. An editor helps you edit, either plain markup or WYSIWYG. Formatters are what determine the nature of the markup and how it is transformed.

    grep is your friend.

  • @x00 said:
    Allowing iframes in discussions is not good security.

    The only iframes you should ever allow are ones where you parse something and replace it with a specific trusted function which happens to load in an iframe, like some YouTube videos.

    Again, just allowing swf files is bad security. Again, it needs to be abstracted to a trusted source.

    Editors and formatters are two different things. An editor helps you edit, either plain markup or WYSIWYG. Formatters are what determine the nature of the markup and how it is transformed.

    I need to embed a swf file inside discussions; what is the best way to do that? I'm using Vanilla 2.1.3 and Bootstrap 2.3.2. I have button bar 1.6 and CLEditor 1.3.1 enabled.

  • Just allowing swf, don't do it. Anyone can create a malicious file and embed it in your site. Not worth it.

    swf is a means to an end. A service may use swf for a specific application; if this service is a trusted source, then a short code could be used to embed the type of application used in that service.

    Alternatively, if only you wish to embed, you could do that, but not allow other members to do it.

    You need to understand the pitfalls of publicly posted content and the limitations of trust. That is why what they post needs to be limited.

    grep is your friend.
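
The approach x00 describes (escape what members post, and expand only a short code for a trusted source into a fixed iframe) could look like the following in PHP. This is an added example, not code from the thread or from Vanilla; the `[youtube:ID]` syntax, the function name and the 11-character ID pattern are assumptions.

```php
<?php
// Added example: a formatter that escapes all member markup and expands only
// a [youtube:ID] short code into a fixed iframe template. The short code
// syntax and the function name are hypothetical, not part of Vanilla.

function formatPostBody(string $raw): string
{
    // 1. Escape everything the member typed, so raw <iframe>, <object>,
    //    <embed> or <script> tags are rendered as inert text.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Expand the short code. Only the video ID comes from the member, and
    //    it must match a strict pattern (assumed: 11 URL-safe characters).
    //    Host, path and every attribute are fixed by the formatter.
    $safe = preg_replace_callback(
        '/\[youtube:([A-Za-z0-9_-]{11})\]/',
        function (array $m): string {
            return '<iframe width="560" height="315" '
                . 'src="https://www.youtube-nocookie.com/embed/' . $m[1] . '" '
                . 'sandbox="allow-scripts allow-same-origin" '
                . 'referrerpolicy="no-referrer" allowfullscreen></iframe>';
        },
        $safe
    );

    return nl2br($safe);
}

// Constructed sample posts: a valid short code, a raw iframe pointing at an
// untrusted swf, and a short code whose "ID" tries to break out of the markup.
$samples = [
    'Watch this: [youtube:abcDEF12345]',
    '<iframe src="https://untrusted.example/x.swf"></iframe>',
    '[youtube:"><script>alert(1)</script>]',
];

foreach ($samples as $post) {
    echo formatPostBody($post), PHP_EOL;
}
```

Only the first sample produces an iframe; the other two come out as escaped text because nothing a member types is ever emitted as markup.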
