17452 Posts in 4473 Topics by 1971 members
|Go to End|
11 June 2007 at 2:12pm
For example, people may want to put an onclick handler on an A tag. Currently the WYSIWYG editor strips them out.
What are the risks of failing to strip out onclick events from content entered into the CMS?
Core Development Team
11 June 2007 at 6:02pm
I think it would be good if there was a flag which could be set by the admin which allows control of this. By default this "enforce clear code" option should be on.
27 May 2008 at 10:57am
Is there any progress towards this end? Skype buttons are really cool on contact pages, and it would be nice not to have to do any hacking to allow onclick in the tag.
Silverstripe is wonderful! Thanks for all your hard work.
|Go to Top|