Hi, I am trying to tighten security on a rich text editor we've got. For some crazy reason we're using TinyMCE, but anyhow... I stripped stuff down to limited tags (using HTML Purifier).
Now the question is: is the <object tag a security threat, e.g. Flash stuff etc.? And if it is, any examples/proofs of the issue? Thanks.
Is <object in rich text editor a security risk?
Re: Is <object in rich text editor a security risk?
Here's something that may be of interest to you:
viewtopic.php?f=6&t=104827
Re: Is <object in rich text editor a security risk?
Also, flash cookies, loading known vulnerable plugins and exploiting them, logging of user IPs. That's what I can think of offhand.
Re: Is <object in rich text editor a security risk?
Got the picture. Get rid of Flash set by users.
Thanks
Re: Is <object in rich text editor a security risk?
It's not just Flash; all types of embedded content (i.e. plugins) are potentially dangerous.
Also, don't forget the <embed tag.
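A check that could run over user-submitted markup after sanitising, to confirm no plugin-embedding element survived. This is an added example, not code from the thread, HTML Purifier or TinyMCE. The names `audit_fragment` and `PluginTagAuditor`, the sample strings and the inclusion of `applet` are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Elements that hand content to a browser plugin. "object" and "embed" are
# the two named in the thread; "applet" is an assumption added here as the
# legacy Java equivalent.
PLUGIN_TAGS = {"object", "embed", "applet"}
# Attributes that carry the URL or MIME type of the embedded resource.
SOURCE_ATTRS = ("data", "src", "code", "type", "classid", "codebase")


class PluginTagAuditor(HTMLParser):
    """Collects every plugin-embedding element found in an HTML fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases tag and attribute names, so <OBJECT> and
        # <EmBeD> match. Self-closing tags (<embed ... />) also arrive here
        # through the default handle_startendtag.
        if tag in PLUGIN_TAGS:
            line, col = self.getpos()
            details = {k: v for k, v in attrs if k in SOURCE_ATTRS}
            self.findings.append(
                {"tag": tag, "line": line, "col": col, "attrs": details}
            )


def audit_fragment(html):
    """Return a list of plugin elements in html; empty means none found."""
    auditor = PluginTagAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample input, not taken from any real submission.
SAMPLE_CLEAN = "<p>Hello <strong>world</strong></p>"
SAMPLE_DIRTY = (
    "<p>intro</p>\n"
    '<OBJECT data="movie.swf" type="application/x-shockwave-flash">'
    '<param name="x" value="y"></OBJECT>\n'
    '<embed src="clip.swf"/>'
)

if __name__ == "__main__":
    for finding in audit_fragment(SAMPLE_DIRTY):
        print(finding)
```

This only reports what it finds; it is meant as an assertion on the sanitiser's output (for example in a regression test), not as a replacement for the sanitiser.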