Yii Framework Forum: Redactor Executes Javascript - Yii Framework Forum


Redactor Executes Javascript: Prevent it from doing this

#1 mastercrash

Posted 28 April 2013 - 08:38 AM

Hello,

I tried the Redactor-Extension for Yii and inserted this example-code into the redactor html-view:

<p onclick="javascript:window.location.hash='!/var1/var2/';">Lorem ipsum<b> dolor sit amet</b></p>


The JavaScript part is going to be executed in the WYSIWYG-View. This could be a potential security risk. If someone can insert malicious JavaScript code in this field, he can take control of cookies/browser-session, everything.

Is there any way to prevent Javascript from being executed in redactor?
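
One way to keep inline handlers such as the `onclick` above out of rendered editor content, as an added example that is not part of the original post and is not Redactor or Yii code: rebuild the HTML from an allowlist of formatting tags and drop every attribute. The function names, the tag list and the `dropped` report are assumptions made for this sketch.

```javascript
// Added example; all names here are hypothetical, not Redactor or Yii APIs.
const ALLOWED_TAGS = new Set(['p', 'b', 'i', 'em', 'strong', 'u', 'ul', 'ol', 'li']);
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (text) => text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);

// A tag: "<" or "</", a name, then attributes (quoted values may contain ">").
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)(?=[\s\/>])((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const QUOTED_RE = /"[^"]*"|'[^']*'/g;

function sanitizeEditorHtml(html) {
  const dropped = []; // what was removed, useful for logging or alerting
  let out = '';
  let pos = 0;
  for (const m of html.matchAll(TAG_RE)) {
    // Text between recognised tags is always escaped, so a malformed or
    // unterminated tag ends up as visible text instead of markup.
    out += escapeHtml(html.slice(pos, m.index));
    pos = m.index + m[0].length;
    const [, slash, rawName, attrs] = m;
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) {
      if (!slash) dropped.push('<' + name + '>');
      continue; // tag removed, its text content is kept (escaped)
    }
    // Blank quoted values first so "=" inside a handler body is not read as a name.
    for (const a of attrs.replace(QUOTED_RE, '""').matchAll(/([^\s"'\/=]+)\s*=/g)) {
      dropped.push(name + '[' + a[1].toLowerCase() + ']');
    }
    // Re-emit the bare tag only: no attribute survives, so no on* handler can.
    out += '<' + slash + name + '>';
  }
  return { html: out + escapeHtml(html.slice(pos)), dropped };
}

// Input: the markup quoted in the post above.
const SAMPLE = `<p onclick="javascript:window.location.hash='!/var1/var2/';">Lorem ipsum<b> dolor sit amet</b></p>`;
console.log(sanitizeEditorHtml(SAMPLE));
```

Filtering in the browser does not replace sanitizing the submitted HTML on the server before it is stored or shown to other users; in Yii 1.x, `CHtmlPurifier` is the framework's wrapper for that.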