PDA

View Full Version : non safe HTML in desc


arkive
April 9th, 2007, 02:21 AM
So I decided to go try out some pages using this to see if suits my need. I noticed that the embed tag does not work inside item description whereas the <B> does. So I am assuming that html is enabled but filtered in some way. Also I was reading allot of posts about BBCode am I to assume that phpbb2 bbcode is allowed within descriptions. I have a film site where I would like users to not only be allowed to review software and cameras and such but also review short films and i think by embedding a shockwave video short in the description would be more than sufficient. Is any of this even possible?

Chuck S
April 9th, 2007, 11:53 AM
First off which product are you referring to so that we can answer your question

arkive
April 9th, 2007, 12:54 PM
Oh sorry the item ive been looking into is reviewpost.

Chuck S
April 9th, 2007, 01:57 PM
We do allow html if you allow it by setting to use that in descriptions and reviews in the admin settings but we do warn that it is security risk if you do allow it

Marshal Halloway
March 5th, 2008, 02:03 AM
I have the same problem in review post. Only admin is allow to add products, so no security risk. However, using the embed codes does not work even if html is allowed. The code shows up in the database (description field), but when checking the source code on the html page, the embed code is gone.

Chuck S
March 5th, 2008, 07:50 AM
Not sure what you mean as you need to post a link. To my knowledge we do not surpress embed tags but if your running a way old version it may be. You can see what html tags we strip in the strip function at the top of pp-inc.php

Marshal Halloway
March 5th, 2008, 09:21 AM
I will send you a link in a PM.

Chuck S
March 5th, 2008, 09:41 AM
I replied thanks