source: spip-zone/_plugins_/sanitizer/ @ 111226

Last change on this file since 111226 was 111226, checked in by devmutu@…, 3 years ago

Initialisation: sanitize user input from the backend and prevent some XSS attacks

File size: 536 bytes
# Sanitizer

This plugin prevents users from inserting script tags into the content of an article. It checks the chapo, ps, text and descriptif fields with the safehtml function for malicious code fragments. All other HTML tags are still allowed.

## Usage

Just activate the plugin and clear the cache. After that, the plugin filters the inputs.

## Why

This plugin is the (temporary) answer to a white hat attacker on one of the mutu sites. Because SPIP trusts the user, the user can insert JavaScript. The moderator then executes this JavaScript when pressing preview.