// $Id: README.txt,v 1.1 2008/01/09 01:19:04 cwgordon7 Exp $
Flexifilter is a flexible module for use in creating custom filters. It is highly extendable.
Security concerns
-----------------
Content that passes through a filter is subject to XSS attacks. It's a fact. The way to be secure
against this sort of attack is to use the HTML filter to strip offending HTML tags. The Flexifilter
module does NOT, by itself, filter out offending HTML tags, etc. Remember to always restrict
access to input formats that lack the HTML filter, or that include the PHP filter, to trusted users.
Allowing untrusted users to post full HTML or even PHP code on your site is a MAJOR security
concern. Flexifilter, by itself, does NOT strip out offending HTML code or offending PHP code.
You must use it in conjunction with the HTML filter for untrusted users, and leave the PHP
filter completely out of input formats for untrusted users. This is a MUST if you don't want
to see your site hacked. Thank you.
API
---
For API information, see API.txt.
Install
-------
For install information, see INSTALL.txt.
Changes
-------
For changelog information, see CHANGELOG.txt.
Maintainers
-----------
For maintainer information, see MAINTAINERS.txt.