#4263: XSS Attack
---------------------+------------------------------------------------------
 Reporter:  Jihua    |       Owner:                 
     Type:  Bug      |      Status:  new            
 Priority:  Normal   |   Milestone:  FCKeditor 2.6.5
Component:  General  |     Version:                 
 Keywords:           |  
---------------------+------------------------------------------------------
 Hi guys, our site is using FCKeditor. There are some risks with the
 source code, and we added some filters on the server side:

 <(/?)(script|i?frame|html|link|meta|head)([^>]*?)>");
 (<[^>]*)(on[a-zA-Z]+\\s*=([^>]*)|href\\s*=([^>]*script:[^>]*)>)");

 but they still can't filter everything, such as embedded video. Can anyone
 help me out? I just want "YouTube" video to be allowed to pass.

-- 
Ticket URL: <http://dev.fckeditor.net/ticket/4263>
FCKeditor <http://www.fckeditor.net/>
The text editor for Internet
_______________________________________________
FCKeditor-Trac mailing list
FCKeditor-Trac@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fckeditor-trac
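
An added example, not part of the original ticket and not FCKeditor code: the request above (pass only YouTube video, block everything else) handled as a server-side allowlist that parses the submitted HTML and rebuilds each accepted embed from its video id instead of pattern-matching bad tags. The accepted URL shape, the tag lists and all names here are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumptions (not FCKeditor settings): the URL shape and the tag lists below.
EMBED_URL = re.compile(
    r"https://www\.youtube(?:-nocookie)?\.com/(?:embed|v)/([A-Za-z0-9_-]{11})(?:\?.*)?")
SAFE_TAGS = {"p", "b", "i", "em", "strong", "br", "ul", "ol", "li"}
EMBED_TAGS, SKIP_CONTENT = {"iframe", "embed"}, {"script", "style"}
# Constructed sample submission; the video id is made up.
SAMPLE = ('<p onclick="a()">Hi</p><script>a()</script>'
          '<iframe src="https://www.youtube.com/embed/abcDEF12345" onload="a()"></iframe>'
          '<embed src="https://evil.example/embed/abcDEF12345">')

def youtube_id(url):
    """Return the 11-character video id of an https YouTube embed URL, else None."""
    match = EMBED_URL.fullmatch((url or "").strip())
    return match.group(1) if match else None

class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in SKIP_CONTENT:
            self.skip += 1  # drop script/style bodies entirely
        elif tag in EMBED_TAGS:
            vid = youtube_id(dict(attrs).get("src"))
            if vid:  # rebuilt from the id alone; no submitted attribute survives
                self.out.append(f'<iframe src="https://www.youtube.com/embed/{vid}"></iframe>')
        elif tag in SAFE_TAGS:
            self.out.append(f"<{tag}>")  # attributes such as on*= are discarded

    def handle_endtag(self, tag):
        if tag in SKIP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in SAFE_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is re-escaped on output

def sanitize(html):
    parser = AllowlistFilter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Tags outside the allowlist are dropped while their text is kept in escaped form, so a tag the filter has never heard of fails closed instead of slipping past a pattern.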