[prev in list] [next in list] [prev in thread] [next in thread]
List: vtigercrm-developers
Subject: Re: [Vtigercrm-developers] Iframe removed in Homepage Notebook
From: Nicolas Larcipretti <niclarcipretti () gmail ! com>
Date: 2011-09-15 12:11:13
Message-ID: CAK10WeAPUsJF6ohqqMSb==C73-xpRr6OUsJxwEdvdZiX_HUb9w () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Gérald,
Think twice before removing this from your Vtiger's installation, it opens a
security breach in your system that can cause lot's of trouble to your
company.
Read more about it here: http://en.wikipedia.org/wiki/Cross-site_scripting
Cheers
Nicolas
2011/9/15 Asha <asha@vtiger.com>
> Yes. It is added to avoid XSS attack.
>
> 2011/9/15 "Hébergement, paramétrage et formation VTIGER CRM" <
> webmaster@bigotconsulting.fr>
>
>> I found it :
>>
>> vtlib_purify removed iframe.
>>
>>
>>
>> Hello there,
>>
>> With Vtiger 5.1, we could insert <iframe> in notebook code.
>> With 5.2.1, this code is automatically removed.
>>
>> Where could I authorize it ?
>>
>> Thank's.
>> Gérald.
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
>
> --
> Regards,
> Asha
> vtiger Team
>
> *Connect with us on: *Twitter <http://twitter.com/#%21/vtigercrm> *I*
> Facebook <http://www.facebook.com/pages/vtiger/226866697333578?sk=wall> *I
> * Blog <http://blog.vtiger.com/>* I* Wiki<http://wiki.vtiger.com/index.php/Main_Page>
> *I *Forums <http://forums.vtiger.com/>*I* Website <http://vtiger.com/>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
[Attachment #5 (text/html)]
Gérald,<br><br>Think twice before removing this from your Vtiger's installation, \
it opens a security breach in your system that can cause lot's of trouble to your \
company. <br><br>Read more about it here: <a \
href="http://en.wikipedia.org/wiki/Cross-site_scripting">http://en.wikipedia.org/wiki/Cross-site_scripting</a><br>
<br>Cheers<br><br>Nicolas<br><br><div class="gmail_quote">2011/9/15 Asha <span \
dir="ltr"><<a href="mailto:asha@vtiger.com">asha@vtiger.com</a>></span><br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex;"> Yes. It is added to avoid XSS attack.<br><br><div \
class="gmail_quote"><div><div></div><div class="h5">2011/9/15 "Hébergement, \
paramétrage et formation VTIGER CRM" <span dir="ltr"><<a \
href="mailto:webmaster@bigotconsulting.fr" \
target="_blank">webmaster@bigotconsulting.fr</a>></span><br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px \
#ccc solid;padding-left:1ex"><div><div></div><div class="h5">
<div bgcolor="#FFFFFF" text="#245074">
I found it :<br>
<br>
vtlib_purify removed iframe.<div><div></div><div><br>
<br>
<br>
<blockquote type="cite">
Hello there,<br>
<br>
With Vtiger 5.1, we could insert <iframe> in notebook code.<br>
With 5.2.1, this code is automatically removed.<br>
<br>
Where could I authorize it ?<br>
<br>
Thank's.<br>
Gérald. </blockquote>
</div></div></div>
<br></div></div>_______________________________________________<br>
<a href="http://www.vtiger.com/" \
target="_blank">http://www.vtiger.com/</a><br></blockquote></div><font \
color="#888888"><br><br clear="all"><div><br></div>-- <br>Regards,<br>Asha<br>vtiger \
Team<br><br><b>Connect with us on: </b><a href="http://twitter.com/#%21/vtigercrm" \
target="_blank">Twitter</a> <b>I</b> <a \
href="http://www.facebook.com/pages/vtiger/226866697333578?sk=wall" \
target="_blank">Facebook</a> <b>I</b> <a href="http://blog.vtiger.com/" \
target="_blank">Blog</a><b> I</b> <a \
href="http://wiki.vtiger.com/index.php/Main_Page" target="_blank">Wiki</a> <b>I \
</b><a href="http://forums.vtiger.com/" target="_blank">Forums </a><b>I</b> <a \
href="http://vtiger.com/" target="_blank">Website</a><br>
<br>
</font><br>_______________________________________________<br>
<a href="http://www.vtiger.com/" \
target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br>
_______________________________________________
http://www.vtiger.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic