Support Forum

Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
general-topic
Default editor and attachments
Avatar
Barna B
Member
Free Members
sp_UserOfflineSmall Offline
Sep 12, 2014 - 5:59 pm

HI

 

I would like to keep using the default editor for the replys etc BUT when i add an attachment it adds the full file patch in as a html code that can be a HUGE security risk.

 

Is there any way to hide anything like this ?

 

Thnx

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Sep 12, 2014 - 6:53 pm

can you explain further what you mean?  Where do you see a path to the attachment?  I only see a URL...  and if you meant URL, can you explain why its a huge security risk??

Avatar
Barna B
Member
Free Members
sp_UserOfflineSmall Offline
Sep 13, 2014 - 4:21 am

Mr Papa said
can you explain further what you mean?  Where do you see a path to the attachment?  I only see a URL...  and if you meant URL, can you explain why its a huge security risk??

HI

 

Yes that ULR gives away a lot to someone who is looking for where to start attacking the site. Also users dont know what happened when they add an image and a pile of code pops in for them :D  

 

TinyMCE doesnt work with Chrome (reply issue in chrome) and the default is giving out information that is scary to 90% of normal users and sec. risk for the site owner :/

 

baki.JPGImage Enlarger

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Sep 13, 2014 - 5:17 am

I do not really understand why on earth this is some sort of huge security risk. I can go to any website and interrogate the source url of any image and find out where it is located. The information is available all of the time. Please can you explain to me what the risk is specifically seeing the same url in the editor as you do on the actual displayed website?

Of more importance, perhaps, is why is the tinyMCE editor not working for you. Have we had a topic here on this?

andy-signature.png
YELLOW
SWORDFISH
Avatar
Barna B
Member
Free Members
sp_UserOfflineSmall Offline
Sep 13, 2014 - 5:50 am

ok lets forget the security part....

 

fact : when a normal user see a bunch of code they will freak out of where is the img they just added to the text.  Is there any way to see the added image instead of the code. :)

Avatar
Ike
Sawtry, UK
Member
Free Members
sp_UserOfflineSmall Offline
Sep 13, 2014 - 6:01 am

I don't think anyone would "freak out". Posting a picture to most other forums from a web source requires a full URL to be displayed using something like [img] tags. You can get the full URL of any image on any website by right clicking the image and viewing image info. I'd be far more concerned if when posting the uploaded image, you got a file path rather than a picture, but again this is more a display problem rather than a security risk.

Do the pictures post OK?

Avatar
Yellow Swordfish
Glinton, England
SP Master
sp_UserOfflineSmall Offline
Sep 13, 2014 - 6:18 am

Ike is right. A path would definitely be a security risk. 

In answer to the question regarding the image being shown - in the default edit window - no. This is a standard HTML text box control which is unable to display anything other than text.

Which brings us back to your problem with the rich text editor?

andy-signature.png
YELLOW
SWORDFISH
Avatar
Barna B
Member
Free Members
sp_UserOfflineSmall Offline
Sep 13, 2014 - 6:39 am

 when i make a website here is the No.1 rule : when my mom will try to use is will she understand it ?  if she saw a bunch of HTML code she will leave it there right away.

 

Yes tinyMCE would be perfect if stupid chrome would let is work properly :/   since most androids use chrome browser i m forced to close down the forum im working on till it is resolved :(

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Sep 13, 2014 - 11:15 am

can you explain this problem with chrome and android with tinymce?  all you have mentioned in this topic is the image url being shown... 

and when you say chrome, do you really mean chrome?  or the default browser that come with android?  they are two different things though have some lineage...  most android phones do not have the full chrome browser by default... 

and I can use either one fine here...

so if you can provide some more details, we can try to help you...

Avatar
kvr28
Member
Free Members
sp_UserOfflineSmall Offline
Sep 13, 2014 - 7:26 pm

Since he mentioned android, I wonder if the issue is the chrome/upload attachment issue I had several months ago, same as the safari/upload issue someone had mentioned the other day, Mr Papa suggested firefox and I have no issues with the uploader since switching to FF, I had to make a post on my support forum about it to let the mobile users know, same with mercury that yellow suggested for Iphone, but chrome/droid default/safari, uploader does not work and creates a bunch of issues

Forum Timezone: Europe/Stockholm
Most Users Ever Online: 1170
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 650
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Member Stats:
Guest Posters: 620
Members: 17365
Moderators: 0
Admins: 4
Forum Stats:
Groups: 7
Forums: 17
Topics: 10128
Posts: 79626