Dr-Hack
  •  Dr-Hack
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
2012-02-17T17:52:17Z
hi,
topic title explains everything
so is it possible to have different editors depending on roles ...
like admins can have ck editors and members can have BB editors ..

i did a search but couldn't find something sorry for a double post ..
Sponsor
tha_watcha
2012-02-17T18:16:01Z
Originally Posted by: Dr-Hack 

hi,
topic title explains everything
so is it possible to have different editors depending on roles ...
like admins can have ck editors and members can have BB editors ..

i did a search but couldn't find something sorry for a double post ..



No its currently not possible but it is on the to do list for yaf 2.x
UserPostedImage
Dr-Hack
  •  Dr-Hack
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
2012-02-17T19:03:27Z
thats a long way to wait , but wait i shall .. i was using ck so thought it could be a security hazard
squirrel
2012-02-18T00:26:34Z
Originally Posted by: Dr-Hack 

thats a long way to wait , but wait i shall .. i was using ck so thought it could be a security hazard



CK can be configured to not allow certain tags, as well as other security related issues.

I could be wrong, but I'm pretty sure YAF checks the topic test before storing in the database to make sure banned html tags are not stored in the message no matter what editor is used, but I could be wrong.
If you can't find it using the forum search, try my signature link -- searches this site using Google: Google is my Friend 
bbobb
  •  bbobb
  • 100% (Exalted)
  • YAF Developer
2012-02-18T02:11:22Z
Signatures are checked before saving. All other data is stored 'as-is' and checked on being displayed.
The topic title is not checked for bad tags, it handles 'style' tag only.
You can't use tags if they're not allowed in any editor, but there's malformed tags with which in theory someone can make an injection. The last case is not YAF problem as we're responsible for YAF BBCode editor only in the security area. In practice, YAF checks all output quite efficently IMHO.

Dr-Hack
  •  Dr-Hack
  • 100% (Exalted)
  • YAF All-the-Time Topic Starter
2012-02-18T08:04:29Z
tags get filtered or not is something else .. no matter how much we strip down every tag eventually there will be a new flaw. thats how computers work
so usually not to give anyone the option of trying is better one
therefore keeping a WYSIWYG editor for the admins and the yaf bbcode for members will be a better practice (i assume)

About Us

The YAF.NET is an open source .NET forum project. YAF.NET is supported by an team of international developers who are build community by building community software.

Powered by Resharper Donate with PayPal button

Project Twitter Updates

Copyright © YetAnotherForum.NET & Ingo Herbote. All rights reserved