html tags in dictionary items - security concerns
With my client we are migrating from a v7 build to a v11 and we are moving some features.
I noticed that some content comes from dictionary items with HTML tags in them. The current way to render it is without plugins or custom dictionary controls, just plain HTML in text fields rendered using @Html.Raw() like in this topic:
https://our.umbraco.com/forum/templating/templates-and-document-types/73538-html-tags-in-dictionary
As we are using @Html.Raw, I am concerned about the security implications of this approach. What's your point of view?
The project is a very big gov website without personal data.
Since dictionary items are added by back office editors, the onus is really on them to ensure they are not posting anything that may cause a security issue. As a dev, you could add an on-save notification which would check for anything dodgy.
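One way to implement the on-save check suggested in the reply above, as an added example that is not part of the original thread. It assumes Umbraco 9+ notifications; the class names, the `IsSafe` helper and the tag allow-list are hypothetical and should be adjusted to what editors actually need.

```csharp
using System.Linq;
using System.Text.RegularExpressions;
using Umbraco.Cms.Core.Composing;
using Umbraco.Cms.Core.DependencyInjection;
using Umbraco.Cms.Core.Events;
using Umbraco.Cms.Core.Notifications;

// Hypothetical handler: rejects a dictionary save when any translation contains
// markup outside a small allow-list of attribute-free formatting tags.
public class DictionaryHtmlCheckHandler : INotificationHandler<DictionaryItemSavingNotification>
{
    // Assumed allow-list. Attributes are not permitted at all, so event handlers
    // (onclick=...), style and href/src URLs can never pass the check.
    private static readonly Regex AllowedTag = new Regex(
        @"</?(b|strong|i|em|u|p|br|ul|ol|li|span)\s*/?>",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static bool IsSafe(string? value)
    {
        if (string.IsNullOrEmpty(value)) return true;
        // Strip the allowed tags; any '<' left over starts a tag that is not
        // allowed, carries attributes, or is malformed.
        var remainder = AllowedTag.Replace(value, string.Empty);
        return !remainder.Contains('<');
    }

    public void Handle(DictionaryItemSavingNotification notification)
    {
        foreach (var item in notification.SavedEntities)
        {
            if (item.Translations.All(t => IsSafe(t.Value))) continue;
            // Cancelling blocks the save and shows the message in the back office.
            notification.CancelOperation(new EventMessage(
                "Dictionary",
                $"'{item.ItemKey}' contains HTML that is not on the allow-list.",
                EventMessageType.Error));
            return;
        }
    }
}

// Registers the handler at startup.
public class DictionaryHtmlCheckComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder) =>
        builder.AddNotificationHandler<DictionaryItemSavingNotification, DictionaryHtmlCheckHandler>();
}
```

The handler only runs when an item is saved, so dictionary values carried over from the v7 site are not checked until they are edited or re-saved.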