Support Forum
Support Forum
Offline
HI
I would like to keep using the default editor for the replys etc BUT when i add an attachment it adds the full file patch in as a html code that can be a HUGE security risk.
Is there any way to hide anything like this ?
Thnx
Offline
can you explain further what you mean? Where do you see a path to the attachment? I only see a URL... and if you meant URL, can you explain why its a huge security risk??
Visit Cruise Talk Central and Mr Papa's World
Offline
Mr Papa said
can you explain further what you mean? Where do you see a path to the attachment? I only see a URL... and if you meant URL, can you explain why its a huge security risk??
HI
Yes that ULR gives away a lot to someone who is looking for where to start attacking the site. Also users dont know what happened when they add an image and a pile of code pops in for them 
TinyMCE doesnt work with Chrome (reply issue in chrome) and the default is giving out information that is scary to 90% of normal users and sec. risk for the site owner :/
Offline
I do not really understand why on earth this is some sort of huge security risk. I can go to any website and interrogate the source url of any image and find out where it is located. The information is available all of the time. Please can you explain to me what the risk is specifically seeing the same url in the editor as you do on the actual displayed website?
Of more importance, perhaps, is why is the tinyMCE editor not working for you. Have we had a topic here on this?
 |
YELLOW
SWORDFISH
|
Offline
ok lets forget the security part....
fact : when a normal user see a bunch of code they will freak out of where is the img they just added to the text. Is there any way to see the added image instead of the code. 
Offline
I don't think anyone would "freak out". Posting a picture to most other forums from a web source requires a full URL to be displayed using something like [img] tags. You can get the full URL of any image on any website by right clicking the image and viewing image info. I'd be far more concerned if when posting the uploaded image, you got a file path rather than a picture, but again this is more a display problem rather than a security risk.
Do the pictures post OK?
Offline
Ike is right. A path would definitely be a security risk.
In answer to the question regarding the image being shown - in the default edit window - no. This is a standard HTML text box control which is unable to display anything other than text.
Which brings us back to your problem with the rich text editor?
|
YELLOW
SWORDFISH
|
Offline
when i make a website here is the No.1 rule : when my mom will try to use is will she understand it ? if she saw a bunch of HTML code she will leave it there right away.
Yes tinyMCE would be perfect if stupid chrome would let is work properly :/ since most androids use chrome browser i m forced to close down the forum im working on till it is resolved 
Offline
can you explain this problem with chrome and android with tinymce? all you have mentioned in this topic is the image url being shown...
and when you say chrome, do you really mean chrome? or the default browser that come with android? they are two different things though have some lineage... most android phones do not have the full chrome browser by default...
and I can use either one fine here...
so if you can provide some more details, we can try to help you...
Visit Cruise Talk Central and Mr Papa's World
Offline
Since he mentioned android, I wonder if the issue is the chrome/upload attachment issue I had several months ago, same as the safari/upload issue someone had mentioned the other day, Mr Papa suggested firefox and I have no issues with the uploader since switching to FF, I had to make a post on my support forum about it to let the mobile users know, same with mercury that yellow suggested for Iphone, but chrome/droid default/safari, uploader does not work and creates a bunch of issues
All RSS1 Guest(s)