Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
It seems that the Richtext editor is the only field type that does not let an editor insert javascript. The other ones seem to be OK with it.
I want to prevent our content editors from inserting javascript or cross-site references, to satisfy the security requirements of our IT department.
We really only need a single line input field, and the Richtext editor is a bit clunky for this purpose.
So:
1) Are there any text input fields that somehow can remove javascript?
or
2) Is there any way to limit a Richtext field to a single line?
-- Paul
Hi. I suppose that you could prohibit inserting a script tag into a simple textstring field with setting up regex validation on it.
I wonder if you could somehow do it through regex?
From what I've read about using regex, it's far from bullet-proof. In fact, for all I know Richtext may not be bullet-proof. I'll throw this problem back at the IT department and see what they come up with.
I've just thought that you could also create custom validation logic and hook it to the Document.BeforeSave event.
Hi Paul
The rich text editor should be used for content only. No code like JavaScript or CSS at all.
Usually I use the texstring multiple to insert JavaScript for stuff like tracking etc.
As Rodion is suggesting above you're perhaps able to hook into the Document.BeforeSave event and make some logic.
/Jan
is working on a reply...
Write your reply to:
Upload image
Image will be uploaded when post is submitted
Excluding javascript from editable content
It seems that the Richtext editor is the only field type that does not let an editor insert javascript. The other ones seem to be OK with it.
I want to prevent our content editors from inserting javascript or cross-site references, to satisfy the security requirements of our IT department.
We really only need a single line input field, and the Richtext editor is a bit clunky for this purpose.
So:
1) Are there any text input fields that somehow can remove javascript?
or
2) Is there any way to limit a Richtext field to a single line?
-- Paul
Hi. I suppose that you could prohibit inserting a script tag into a simple textstring field with setting up regex validation on it.
I wonder if you could somehow do it through regex?
From what I've read about using regex, it's far from bullet-proof. In fact, for all I know Richtext may not be bullet-proof. I'll throw this problem back at the IT department and see what they come up with.
I've just thought that you could also create custom validation logic and hook it to the Document.BeforeSave event.
Hi Paul
The rich text editor should be used for content only. No code like JavaScript or CSS at all.
Usually I use the texstring multiple to insert JavaScript for stuff like tracking etc.
As Rodion is suggesting above you're perhaps able to hook into the Document.BeforeSave event and make some logic.
/Jan
is working on a reply...