Please Log in to join the conversation.
Please Log in to join the conversation.
Please Log in to join the conversation.
Yes, you guessed correctly.
Nevertheless, you can untighten security level of your site by allowing specific tags to be used.
To do that, you can add at the end of your CB configuration file in:
administrator/components/com_comprofiler/ue_config.php
for your case :
[code:1]$ueConfig = "object embed";
[/code:1]
EDIT: (not an array, but single-space-separated tags !)
you can change or add to the values in the array above any other potentially hostile tag which are now getting filtered by Community Builder, to allow them on your site. You need to be aware that allowing these tags, in particular script tag can be missused by users for potentially hostile content.
Please Log in to join the conversation.
yhyusuf wrote:
yhyusuf wrote:
hi thanks for your help but it is still doing the same i have added it to the ue_config.php file as stated above but no luck...any ideas what could be happening?
thanks
On the last save without the extra allowed tags your editor field got filtered .. so re-enter your data in there (object=...) save again and it should be fixed..
Please Log in to join the conversation.
spikec wrote:
Beat, can you give me a list of the tags that are now filtered by the new release? I had set up a creative tab where the kids ccould paste background and "myspace" layout codes to pretty up their profiles. None of this seems to be working now, esp when using the <style type="text/css"> tag.
thanks
Here the complete list of potentially hostile tags that get filtered in CB's editorArea field type:
'applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml'.
These tags can be removed from the list in the config file as decribed before.
Here also the attributes (behind any tages) that get filtered as well:
'action', 'background', 'codebase', 'dynsrc', 'lowsrc', and also will strip ALL event handlers ('on....')
There is no config-file method to remove these attributes.
Please Log in to join the conversation.