WebSite X5Help Center

 
Rod M.
Rod M.
User

HTML in the Comment object  en

Author: Rod M.
Visited 1497, Followers 2, Shared 0  

I discovered that in the message box of the comment/guestbook system object that an external user can use html to make a link if they so wish. While that in itself is not really a problem, it worries me (a little) that taking this to the next level, that malicious code may be possibly be invoked in such a box. I don't say this to raise alarm, but I have had this happen in the past. I had a site where there was a message box for user comment, and the site became infected because someone put in code. I had to get professionals at great expense to clean it.

I'd really like to see the comment object have real format editing capability such as the one I am writing this in. I hope it's on the cards.

So the question is: Do websites that use the commenting/guestbook object parse input before posting to strip it of the possibility of executing code, but keep minimal formatting code?

Posted on the
2 ANSWERS - 1 CORRECT
Incomedia
Claudio D.
Incomedia

Hello Rod,

Yes it cannot be executed code. You can use simple formatting html code in the comment object.

Many thanks!

Read more
Posted on the from Claudio D.
Rod M.
Rod M.
User
Author

Thanks for setting my mind to rest. Most appreciated

Read more
Posted on the from Rod M.