Project: CKEditor - WYSIWYG HTML editor
Just wanted to let you know that when you do the following, it might break your site if you have additional filters enabled (like spamspan).
- Use Firefox
- Go and create a node with CKEditor enabled.
- Drag an image from your desktop (preferably a bit big) into the CKEditor.
- Hit save (or view code)
As you can see, the image is loaded into the text area as
<img alt="" src="data:image/png;base64,iVBORw0KGgoAAAAN... ...Kt618f8EYXwHmCtPdQAAAABJRU5ErkJggg==" />
with 300.000 characters in between or more. This can break your site if some filters want to analyse these 300.000 characters with regexp. Besides, this can be exploited to take sites down easily and quickly.
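One way to blunt the problem reported above, as an added example that is not part of the original issue and not CKEditor or Drupal code: drop oversized inline `data:` payloads in a single linear pass before any regex-based text filter sees the markup. The function names, the 2048-character limit and the sample markup are assumptions made for illustration.

```javascript
// Added example. MAX_DATA_URI_CHARS, stripLargeDataUris and buildSample are
// hypothetical names; the limit is an assumed policy value, not a project default.
const MAX_DATA_URI_CHARS = 2048;

// Matches only the short prefix src="data: (or src='data:). The payload itself
// is never fed to a regex; its end is located with a plain indexOf.
const DATA_SRC = /\bsrc\s*=\s*(["'])data:/gi;

function stripLargeDataUris(html, maxChars = MAX_DATA_URI_CHARS) {
  const re = new RegExp(DATA_SRC.source, 'gi'); // fresh lastIndex per call
  let out = '';
  let pos = 0;          // start of the not-yet-copied part of html
  let removed = 0;      // number of payloads dropped
  let removedChars = 0; // total characters dropped
  let m;
  while ((m = re.exec(html)) !== null) {
    const valueStart = re.lastIndex - 'data:'.length; // first char of the URI
    const close = html.indexOf(m[1], re.lastIndex);   // matching closing quote
    const end = close === -1 ? html.length : close;   // unterminated: to end of input
    const len = end - valueStart;
    if (len > maxChars) {
      out += html.slice(pos, valueStart); // keep src=" and drop the payload
      removed += 1;
      removedChars += len;
    } else {
      out += html.slice(pos, end);        // small inline image: keep unchanged
    }
    pos = end;
    re.lastIndex = end; // resume scanning after this attribute value
  }
  out += html.slice(pos);
  return { html: out, removed, removedChars };
}

// Constructed sample: one image with a 300,000-character base64 body, as in
// the report, next to a small inline image that should survive.
function buildSample() {
  const big = 'data:image/png;base64,' + 'A'.repeat(300000);
  return '<p>before</p><img alt="" src="' + big + '" />' +
         '<img src="data:image/gif;base64,R0lGOD" /><p>after</p>';
}

const result = stripLargeDataUris(buildSample());
console.log(result.removed, result.removedChars, result.html.length);
```

This is a text scan rather than an HTML parser, so it is meant to run ahead of the normal filter chain and sanitizer, not instead of them.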