×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Disable URL, IMG, CODE in Toolbar

Disable URL, IMG, CODE in Toolbar 1 year 3 months ago #34781

  • Valentin Z
  • Valentin Z's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
  • Posts: 9
  • Thank you received: 0
Hello,

I'am afraid that (even using recaptcha) thoose link could represent some potential securtiy vulnerability, and as I am not intersted in using it I wanted to ask how to (only) deactivate the one indicated in red. Is this possible in the standard configuration?

bild upload

Thank you!

Regards

Disable URL, IMG, CODE in Toolbar 1 year 3 months ago #34795

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Away
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 154
  • Thank you received: 1081
Just go in the backend and disable bbcode support in layout, then go to template and disable bbcode there as well and those things won't be shown there.

Regards,
Daniel

Disable URL, IMG, CODE in Toolbar 1 year 3 months ago #34801

  • Valentin Z
  • Valentin Z's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
  • Posts: 9
  • Thank you received: 0

Daniel Dimitrov wrote: Just go in the backend and disable bbcode support in layout, then go to template and disable bbcode there as well and those things won't be shown there.

Thank you, but my question was another.
I want that font-formatting and quote icons still be shown (see picture). Would that be possible?
If I disable bbcode the whole toolbar disapperars (beside the smilies).

Disable URL, IMG, CODE in Toolbar 1 year 3 months ago #34802

  • Daniel Dimitrov
  • Daniel Dimitrov's Avatar
  • Away
  • Administrator
  • Administrator
  • Posts: 9618
  • Karma: 154
  • Thank you received: 1081
You can hide the other stuff with a template override, but a user will still be able to enter those and the system will still render them. Why is font-formating secure and the rest insecure??? Doesn't make much sense for me. All bbcode goes through the same security testing.

Disable URL, IMG, CODE in Toolbar 1 year 3 months ago #34805

  • Valentin Z
  • Valentin Z's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
  • Posts: 9
  • Thank you received: 0
Isn't there a potential risk that a real user enters a link to a malicious site or uploding a svg-image (containing malicious code)? Or using code placement to perform script insertion attacks?
  • Page:
  • 1
Time to create page: 0.143 seconds