Hi,
Is there any option to prevent certain HTML code from being used in the description textarea input of a user profile? If not, that's a major security issue, since you can disable JavaScript with Firebug and paste any JavaScript and embed a Flash app that could harm a user.
Anyone?
Where can I edit the filters for HTML Purifier?
If I want to block these tags: script, embed, object in the Description HTML textarea, what do I need to change or add in HTML Purifier?
I believe those (actually, I know for a fact <script> is) are already filtered out.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
I was wondering because I was able to display an embedded Flash object in the textarea of the description field in a user profile.
If I want to prevent that, how can I exclude the OBJECT tag?
I wouldn't know where to begin with configuring HTML Purifier. You may want to read the documentation provided by the project: http://htmlpurifier.org/docs.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Good luck with that.
So far I have not been able to find anything on it here. I normally can figure most things out, but that purifier has me stumped.
And I am still working on your other project. I hit a snag and had to take a break away from it to clear my head.
https://www.deanbassett.com
Good luck with that.
So far I have not been able to find anything on it here. I normally can figure most things out, but that purifier has me stumped.
And I am still working on your other project. I hit a snag and had to take a break away from it to clear my head.
If I recall, it isn't even as simple as editing a file, either.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
I was wondering because I was able to display an embedded Flash object in the textarea of the description field in a user profile.
If I want to prevent that, how can I exclude the OBJECT tag?
If you did this as an admin, the post was not filtered by htmlpurifier. Non-admin posts will be filtered and you don't have to worry about this.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
I was wondering because I was able to display an embedded Flash object in the textarea of the description field in a user profile.
If I want to prevent that, how can I exclude the OBJECT tag?
If you did this as an admin, the post was not filtered by htmlpurifier. Non-admin posts will be filtered and you don't have to worry about this.
Thanks, that was it!!!!
I did paste it from the admin account and HTML Purifier didn't do anything, but when I tried using a standard account, it filtered all the Flash object code and kept only an image to show. I'm glad!!! I was so nervous about this.
Thank you all for the help.
Good luck with that.
So far I have not been able to find anything on it here. I normally can figure most things out, but that purifier has me stumped.
And I am still working on your other project. I hit a snag and had to take a break away from it to clear my head.
I'm not bad at modifying scripts, but when I was checking the HTML Purifier stuff I was like arrrgggggg, something you don't want to mess around with lolll.
For the Online User mod, no prob, just tell me when done. I really appreciate you taking the time to try to develop my request, I can't tell you how happy I am :-D
Cheers,
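Added example (not from any poster in this thread and not Dolphin's own code): a standalone HTML Purifier configuration that forbids the script, embed and object tags asked about above, and applies the same filter to every account. The include path, the function names and the sample input are assumptions; where Dolphin builds its own purifier instance is not covered here.

```php
<?php
// Added example, not Dolphin code. Assumes the HTML Purifier library is
// installed and that this include path (an assumption) reaches its autoloader.
require_once 'HTMLPurifier.auto.php';

// Hypothetical helper: builds one purifier for the profile description field.
function build_description_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Explicit deny list for the three tags asked about in the thread.
    $config->set('HTML.ForbiddenElements', ['script', 'embed', 'object']);

    // Keep the opt-in Flash allowances and trusted mode switched off, so a
    // later configuration change cannot silently re-enable these tags.
    $config->set('HTML.SafeObject', false);
    $config->set('HTML.SafeEmbed', false);
    $config->set('HTML.Trusted', false);

    // Skip the on-disk definition cache so the example needs no writable dir.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Hypothetical helper: filter the description on the server for every
// account, administrators included, so no role stores unfiltered markup.
function clean_description(string $html): string
{
    static $purifier = null;
    if ($purifier === null) {
        $purifier = build_description_purifier();
    }
    return $purifier->purify($html);
}

// Constructed sample input: harmless markup mixed with the unwanted tags.
$dirty = '<p>Hello <b>world</b></p>'
       . '<script>var x = 1;</script>'
       . '<object data="movie.swf"><embed src="movie.swf"></object>'
       . '<img src="photo.jpg" alt="me">';

// Print the filtered markup to compare against the input above.
echo clean_description($dirty), "\n";
```

Because the filtering runs on the server, turning off JavaScript in the browser (the Firebug case from the first post) does not bypass it.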