Hi,
I noticed that by default it is possible to enter HTML code in the link description field, and that this doesn't get escaped out when the category/detailed pages are generated.
Is this a security risk? I'm thinking of things like cross-site scripting, etc. (although I'm no expert on these things, so I wanted to get advice from the community)
(Note - I actually want my editors to be able to "bold" text and add "URLs" to the description field and a couple of other text fields I have created - but I'm a bit worried about the potential for abuse)
Cheers,
Rob
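
One way to meet the requirement described in the post above (editors may use bold text and links, everything else is neutralised), as an added example that is not part of the original post or the product's own code: an allowlist filter in Python, run on the description before the page is generated. The name `sanitize_description`, the tag list and the sample inputs in the comments are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "strong", "a"}              # assumption: markup editors need
SAFE_HREF = re.compile(r"https?://", re.I)       # absolute http(s) links only


class DescriptionSanitizer(HTMLParser):
    """Re-emit allowlisted tags without their attributes, escape all text,
    and silently drop every other tag, comment and declaration."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []                      # emitted tags awaiting a close

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                               # e.g. <script>, <img>, <iframe>
        if tag == "a":
            # The parser has already decoded character references in href,
            # so an entity-encoded "javascript:" scheme is seen in clear here.
            href = (dict(attrs).get("href") or "").strip()
            if not SAFE_HREF.match(href):
                return                           # keep the link text, drop the link
            self.out.append('<a href="%s">' % escape(href, quote=True))
        else:
            self.out.append("<%s>" % tag)        # on* handlers, style etc. are dropped
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:                # close only what was emitted
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=True))


def sanitize_description(raw):
    """Return description HTML that contains only allowlisted markup."""
    parser = DescriptionSanitizer()
    parser.feed(raw)
    parser.close()
    while parser.open_tags:                      # balance tags left open
        parser.out.append("</%s>" % parser.open_tags.pop())
    return "".join(parser.out)
```

Fields that do not need any markup are better served by plain escaping of the whole value at output time.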