Thanks François. I got the idea.


On Oct 31, 1:35 pm, "Francois Zaninotto" <[EMAIL PROTECTED]
project.com> wrote:
> Your question goes beyond symfony and escaping. If you are not sure about
> the code that will be entered in the CMS, don't allow for HTML code. Use
> Markdown, BBCode or whatever convention you want, but strip all HTML entered
> by the user. There is no way to allow direct HTML formatting AND be safe
> from XSS at the same time.
>
> The CMS is designed to be used by editors who don't want to harm the site,
> so HTML can be allowed. But if your need is different, specialize the rich
> text slot and make it markdown only.
>
> François
>
> 2007/10/31, Mohammad Asif Ali <[EMAIL PROTECTED]>:
>
>
>
> > Thanks for your post.
>
> > I fixed the problem in sfSimpleCMS plugin using the
> > escaping_strategy : bc
>
> > But this causes XSS in the sfSimpleForum plugin.
> > The fix for this is escaping_strategy : both
>
> > Both plugins are using different settings for escaping_strategy.
>
> > Could you please tell me how I can use both plugins without any
> > problem?
>
> > Thanks in advance :o)
>
> > On Oct 30, 1:05 pm, "Francois Zaninotto" <[EMAIL PROTECTED]
> > project.com> wrote:
> > > Yes, BC means backwards compatible here, too. It means that escaping is
> > > not turned on by default, but you can get escaped variables if you ask
> > > for them one by one by way of the $sf_data container.
>
> > > François
>
> > > 2007/10/30, Steve Daniels <[EMAIL PROTECTED]>:
>
> > > > I might be completely off base here, but normally when I see "bc"
> > > > mentioned it refers to "backwards compatibility"
>
> > > > HTH
>
> > > > Steve
>
> > > > On 30/10/2007, Mohammad Asif Ali <[EMAIL PROTECTED]> wrote:
>
> > > > > Hi,
>
> > > > > Thanks for your help. I fixed it.
>
> > > > > I put escaping_strategy : bc, then it's solved.
>
> > > > > I understand the other values for escaping_strategy (both, on, off),
> > > > > but what is the use of "bc"?
>
> > > > > Thanks in advance :o)
>
> > > > > On Oct 29, 7:11 pm, "Francois Zaninotto" <[EMAIL PROTECTED]
> > -
> > > > > project.com> wrote:
> > > > > > Hi Asif,
>
> > > > > > Do you have output escaping turned on? If so, you must use the latest
> > > > > > trunk version of the plugin.
>
> > > > > > François
>
> > > > > > 2007/10/29, Mohammad Asif Ali <[EMAIL PROTECTED]>:
>
> > > > > > > Hi,
>
> > > > > > > I have installed the sfSimpleCMS plugin and also enabled the rich text
> > > > > > > editing using TinyMCE.
> > > > > > > The problem is when I add some rich text and view the page, it's
> > > > > > > simply showing the HTML tags and not parsing the HTML.
>
> > > > > > > Can anyone tell me what I am missing? Thanks in advance
>
> > > > > > > --Asif--


You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en