XSS TinyMCE – filter attributes
Hey there,
I have a security problem. By adding some HTML attributes to the editor (TinyMCE) like onmouseover, onclick, etc., I can run JavaScript in the client browser, because there's no function that is filtering the HTML attributes.
The problem is that I also have a front-site editor and want to filter some HTML attributes. The insecure tags like <script></script> will be removed with the strip_tags function.
Is there already a function in WordPress or is this a security issue?

Thanks,
Ninos

PS: bbPress is removing the attributes for non-admins, but I haven't found a function that's doing that :/
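
For reference on the question above, an added example (not part of the original post or of any reply) comparing tag-only stripping with attribute allowlisting through the WordPress core function wp_kses(). It assumes the code runs inside WordPress; the frontsite_* names and the sample markup are constructed for illustration.

```php
<?php
// Added example: runs inside WordPress, where wp_kses() is defined.
// The frontsite_* names and the sample markup are constructed for illustration.

// Elements and attributes the front-end editor may keep. Anything not
// listed here, including every on* event handler, is dropped by wp_kses().
function frontsite_allowed_html() {
    return array(
        'p'      => array(),
        'br'     => array(),
        'strong' => array(),
        'em'     => array(),
        'ul'     => array(),
        'ol'     => array(),
        'li'     => array(),
        'a'      => array( 'href' => true, 'title' => true ),
        'img'    => array( 'src' => true, 'alt' => true ),
    );
}

// Sanitize editor HTML on the server before it is stored or echoed.
function frontsite_sanitize_editor_html( $html ) {
    // Third argument: URL schemes allowed in href/src (javascript: is not).
    return wp_kses( $html, frontsite_allowed_html(), array( 'http', 'https', 'mailto' ) );
}

// Constructed sample of what a user could submit through the editor.
$submitted = '<p onmouseover="alert(1)">Hi <a href="javascript:alert(2)" onclick="alert(3)">link</a></p>'
           . '<script>alert(4)</script>';

// strip_tags() with a tag allowlist removes <script> but keeps every
// attribute on the tags it lets through, so the handlers survive.
$tags_only = strip_tags( $submitted, '<p><a>' );

// wp_kses() also filters attributes and URL schemes.
$filtered = frontsite_sanitize_editor_html( $submitted );

echo "strip_tags: ", $tags_only, "\n";
echo "wp_kses:    ", $filtered, "\n";
```

Saved as a file, it can be run against a test site with WP-CLI's `wp eval-file`. The filtering has to happen on the server when the submission is saved, since anything enforced only in the TinyMCE configuration can be bypassed by posting the HTML directly.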