Question
How do I control which HTML tags are used in user topics? I want to prevent<script> tags for a start.
- TWiki version: 01 Dec 2001
- Web server: any
- Server OS: any
- Web browser: any
- Client OS: any
Answer
This is currently not in TWiki. You can however filter certain tags in a Plugin. Write your own plugin or add the filter to the DefaultPlugin, functionstartRenderingHandler:
# filter out all scripts
$_[0] =~ s/<script>.*?<\/script>//gois;
Note that this will filter out any scripts, including TWiki's own like JavascriptBasedEditor. (This code has not been tested)
-- PeterThoeny - 11 Apr 2002
Yes, something along these lines seems to work, although I prefer to list the tags that are allowed and delete the others.
-- MartinEllison - 11 Apr 2002
See also DisableHTML
-- PeterThoeny - 17 Apr 2002
I'm not sure how valuable it is to simply filter out script tags. Many tags allow onxxxxx="code", so an attacker could simply put in an anchor tag, add an onmouseover="do lots o' nasty stuff", and wouldn't be at all restricted by the absence of script tags.
-- DaleBrayden - 17 Jul 2002 
Topic revision: r5 - 2002-07-17 - DaleBrayden
Home 
Site map
Blog web
Search
Changes
RSS Feed
Notifications
Statistics
Preferences
Register new user
Support Forum 
Ask a question
Open questions 
My recent questions
Get quick help in #twiki IRC channel
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.