By kavithra on
Is it a security risk to keep the full html filter format as default?
My WYSIWYG editor (TinyMCE or FCKeditor) does not work with filtered HTML?
Comments
Depends who you allow to use it
Well, with full HTML code it could be possible to include some evil stuff in your site; an iframe should be possible, maybe even including external JavaScript and other stuff.
There's a module called filter default that lets you define the default filter depending on user role.
Thanks
Kavita
Thank you for a quick response. That module is for Drupal 4.7; I have 5.1. But I got the idea... the particular user roles should not be given access to the filter type.
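An added example, not part of the thread and not Drupal's own filter code: a Python sketch of the two points made above, that unfiltered HTML lets iframes and external scripts through, and that only trusted roles should be able to select that format. The tag allowlist, the `ROLE_FORMATS` mapping, the role names and the `render` helper are all assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist modelled on a typical "Filtered HTML" tag set (not Drupal's code).
ALLOWED_TAGS = {"a", "em", "strong", "cite", "code", "ul", "ol", "li", "dl", "dt", "dd"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_PREFIXES = ("http://", "https://", "mailto:", "/", "#")
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
# Hypothetical mapping: role -> input formats that role may select.
ROLE_FORMATS = {"anonymous": {"filtered_html"}, "authenticated": {"filtered_html"},
                "editor": {"filtered_html", "full_html"}}
# Constructed sample post; example.invalid is a reserved, non-resolving name.
SAMPLE = ('<p>Hi <strong>there</strong><iframe src="http://example.invalid/x"></iframe>'
          '<script src="http://example.invalid/a.js"></script> '
          '<a href="javascript:void(0)" onclick="x()">link</a></p>')

class _Filter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1  # drop the element and everything inside it
        elif tag in ALLOWED_TAGS and not self.skip:
            # Keep only allowlisted attributes; href must start with a safe prefix.
            kept = [(k, v) for k, v in attrs
                    if k in ALLOWED_ATTRS.get(tag, ()) and v is not None
                    and (k != "href" or v.strip().lower().startswith(SAFE_PREFIXES))]
            attr_text = "".join(' %s="%s"' % (k, escape(v)) for k, v in kept)
            self.out.append("<%s%s>" % (tag, attr_text))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def render(body, requested_format, role):
    """Honour full_html only for roles allowed to use it; otherwise filter."""
    if requested_format == "full_html" and "full_html" in ROLE_FORMATS.get(role, set()):
        return body  # trusted role: markup passes through unchanged
    parser = _Filter()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)
```

Making the permissive format the site-wide default corresponds to granting it to every role in `ROLE_FORMATS`, at which point the iframe and script in the sample reach the page untouched.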