Forum Discussion
NimbostratusHandling of HTML editors
Hi all,
I've a question regarding HTML editors in multiple CMS. If we want attack signatures and/or parameter meta-char checking we constantly see violations because of different html-,... tags included in HTML-Editor as a POST parameter. (i.e. changing article information as an authorized user) We have this issue on multiple CMS and didn't really know how to fix this issue in a proper way. At the moment I turn off meta-chars and signatures checks for such parameters. - is there a good/better way without having excessive work?
Thanks in advance, Philipp
1 Reply
Arnaud_LemaireEmployee
My gut feeling is that CMS is injecting code to your application, which means most signatures or character checking are useless ... i would suggest to deactivate such checks for urls used to post by creating a wildcard parameter for them, and removing sig and meta characters.
