GLOBAL XSS FILTERING on 2.0.2 and CKEDITOR
#7

Ellli
Yep, same here with CodeIgniter 2.0.2. After turning off global_xss filtering everything works like a charm.
But I still want to use it, so I made a quick workaround.
In file system/core/security I modified function _remove_evil_attributes (around line 579).

Code:
        // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
        // Your allowed URLs, without the domain, e.g. '/admin/edittext/'
        $allowed = array('/admin/edittext/');
        if (in_array($_SERVER['REQUEST_URI'], $allowed)) {
            // Allowed editor URLs: keep 'style' so CKEditor markup survives
            $evil_attributes = array('on\w*', 'xmlns');
        } else {
            // Everywhere else: strip 'style' as well
            $evil_attributes = array('on\w*', 'style', 'xmlns');
        }
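An added example, not part of Ellli's post and not CodeIgniter's own code: `$_SERVER['REQUEST_URI']` includes the query string, so an exact `in_array` match stops matching as soon as the editor URL carries parameters. The sketch below compares only the normalized path and falls back to the strict list on anything unexpected; the function name `evil_attributes_for` and the sample URLs are hypothetical.

```php
<?php
// Added example; names are hypothetical and the sample requests are constructed.

/**
 * Return the attribute patterns to strip for this request.
 * Only an exact match on the normalized path relaxes the list; a parse
 * failure or a suspicious path always gets the strict list (fail closed).
 */
function evil_attributes_for($requestUri, array $allowedPaths)
{
    $strict  = array('on\w*', 'style', 'xmlns');
    $relaxed = array('on\w*', 'xmlns');   // 'style' survives on editor pages only

    // REQUEST_URI carries the query string; compare the path component only.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        return $strict;
    }

    // Refuse percent-encoding, dot segments and doubled slashes
    // rather than trying to canonicalize them.
    foreach (array('%', '..', '//') as $suspicious) {
        if (strpos($path, $suspicious) !== false) {
            return $strict;
        }
    }

    // Treat '/admin/edittext' and '/admin/edittext/' as the same page.
    $path = rtrim($path, '/') . '/';
    foreach ($allowedPaths as $allowed) {
        if ($path === rtrim($allowed, '/') . '/') {
            return $relaxed;
        }
    }
    return $strict;
}

// Constructed sample requests: the first two get the relaxed list,
// the last two keep 'style' in the strip list.
$allowed = array('/admin/edittext/');
$samples = array('/admin/edittext/', '/admin/edittext?id=3',
                 '/admin/edittext/../x', '/blog/comment/');
foreach ($samples as $uri) {
    echo $uri, ' => ', implode(',', evil_attributes_for($uri, $allowed)), "\n";
}
```

Keeping `style` on the listed paths means input posted there is filtered less strictly, so those paths should be reachable only by trusted, authenticated editors.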

