
  • Giu 23 posts 141 karma points
    Jun 15, 2023 @ 09:07
    Giu
    0

    html tags in dictionary items - security concerns

    With my client we are migrating from a v7 build to a v11 and we are moving some features.

    I noticed that some content comes from dictionary items with html tags in them. The current way to render it is without plugins or custom dictionary controls, just plain html in text fields rendered using @Html.Raw() like in this topic:

    https://our.umbraco.com/forum/templating/templates-and-document-types/73538-html-tags-in-dictionary

    As we are using @Html.Raw I am concerned about the security implications of this approach, what's your point of view?

    The project is a very big gov website without personal data.

  • Huw Reddick 1929 posts 6697 karma points MVP 2x c-trib
    Jun 17, 2023 @ 11:53
    Huw Reddick
    0

    Since dictionary items are added by back office editors, the onus is really on them to ensure they are not posting anything that may cause a security issue. As a dev you could add an on-save notification which would check for anything dodgy.
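
One way to build the on-save check suggested above, as an added example that is not code from the thread or from Umbraco itself: a saving-notification handler that cancels the save when a translation contains anything other than a small set of attribute-free formatting tags. The class names `DictionaryHtmlGuard` and `DictionaryHtmlGuardComposer` and the tag allowlist are assumptions to adapt to the site.

```csharp
using System.Linq;
using System.Text.RegularExpressions;
using Umbraco.Cms.Core.Composing;
using Umbraco.Cms.Core.DependencyInjection;
using Umbraco.Cms.Core.Events;
using Umbraco.Cms.Core.Notifications;

// Hypothetical handler: rejects dictionary values that would be unsafe to pass to @Html.Raw().
public class DictionaryHtmlGuard : INotificationHandler<DictionaryItemSavingNotification>
{
    // Assumed allowlist: bare formatting tags only. No attributes are accepted,
    // which rules out on* event handlers, href/src URLs and inline style.
    private static readonly Regex AllowedTag = new Regex(
        @"</?(b|i|em|strong|u|sup|sub|p|span)\s*>|<br\s*/?>",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Safe when no '<' is left once the allowed tags are removed.
    // A literal "<" in text must therefore be entered as &lt; by the editor.
    public static bool IsSafe(string? value)
    {
        if (string.IsNullOrEmpty(value)) return true;
        return !AllowedTag.Replace(value, string.Empty).Contains('<');
    }

    public void Handle(DictionaryItemSavingNotification notification)
    {
        foreach (var item in notification.SavedEntities)
        {
            if (item.Translations.All(t => IsSafe(t.Value))) continue;

            // Cancel the save and tell the back office editor why.
            notification.CancelOperation(new EventMessage(
                "Dictionary",
                $"'{item.ItemKey}' contains markup outside the allowed formatting tags.",
                EventMessageType.Error));
            return;
        }
    }
}

// Registers the handler at startup.
public class DictionaryHtmlGuardComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder) =>
        builder.AddNotificationHandler<DictionaryItemSavingNotification, DictionaryHtmlGuard>();
}
```

The handler only checks values saved after it is deployed, so dictionary items migrated from the v7 build would need a one-off pass through the same `IsSafe` check.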
