YAFLogo

Dr-Hack
  • Dr-Hack
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
13 years ago
hi,

topic title explains everything

so is it possible to have different editors depending on roles ...

like admins can have ck editors and members can have BB editors ..

i did a search but couldn't find something sorry for a double post ..

View All Posts by User
Sponsor
tha_watcha
  • tha_watcha
  • 100% (Exalted)
  • YAF.NET Project Lead 🤴 YAF Version: 4.0.1 BETA
13 years ago

hi,

topic title explains everything

so is it possible to have different editors depending on roles ...

like admins can have ck editors and members can have BB editors ..

i did a search but couldn't find something sorry for a double post ..

Originally Posted by: Dr-Hack 

No its currently not possible but it is on the to do list for yaf 2.x

View All Posts by User
Dr-Hack
  • Dr-Hack
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
13 years ago
thats a long way to wait , but wait i shall .. i was using ck so thought it could be a security hazard
View All Posts by User
squirrel
13 years ago

thats a long way to wait , but wait i shall .. i was using ck so thought it could be a security hazard

Originally Posted by: Dr-Hack 

CK can be configured to not allow certain tags, as well as other security related issues.

I could be wrong, but I'm pretty sure YAF checks the topic test before storing in the database to make sure banned html tags are not stored in the message no matter what editor is used, but I could be wrong.

If you can't find it using the forum search, try my signature link -- searches this site using Google: Google is my Friend 
View All Posts by User
bbobb
  • bbobb
  • 100% (Exalted)
  • YAF Developer
13 years ago
Signatures are checked before saving. All other data is stored 'as-is' and checked on being displayed.

The topic title is not checked for bad tags, it handles 'style' tag only.

You can't use tags if they're not allowed in any editor, but there's malformed tags with which in theory someone can make an injection. The last case is not YAF problem as we're responsible for YAF BBCode editor only in the security area. In practice, YAF checks all output quite efficently IMHO.

View All Posts by User
+1
Dr-Hack
  • Dr-Hack
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
13 years ago
tags get filtered or not is something else .. no matter how much we strip down every tag eventually there will be a new flaw. thats how computers work

so usually not to give anyone the option of trying is better one

therefore keeping a WYSIWYG editor for the admins and the yaf bbcode for members will be a better practice (i assume)

View All Posts by User
Similar Topics
Users browsing this topic