CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

Question about MarkItUp texteditor in Fuel Admin.

prutudomprutudom
edited April 2013 in Modules
When I have this code in page body
""
After I click on save it will automatic convert "<" into "<" and ">" into ">".
Now my body in the database now become "<iframe width="230" height="180" src="" frameborder="0" allowfullscreen></iframe>"

In this case, what code should I add inorder to prevent the html_encode here?

Thank you very much.

Comments

  • adminadmin
    edited 10:27AM
    Is this using .93 or the 1.0 beta? Also, you are referring to the pages module correct? There is a "sanitize_input" that can be set on a module, but by default the xss_clean is turned off for the pages module which is usually the culprit for that.
  • prutudomprutudom
    edited 10:27AM
    I think I set this $config['global_xss_filtering'] = TRUE; in fuel/application/config.php.
    Is this the reason that turn on the global filter?
    (This is the reason why that my iframe got sanitize right?)

    Thank you very much.
Sign In or Register to comment.