
Re: [Dolibarr-dev] Security improvement and new library


From: Yannick Warnier
Subject: Re: [Dolibarr-dev] Security improvement and new library
Date: Tue, 16 Sep 2014 00:24:49 +0100
User-agent: SquirrelMail/1.4.23 [SVN]

> Hello there,
>
> I had a look at http://htmlpurifier.org. This library cleans up a variable against
> the wished HTML tags.
>
> I think including this library in Dolibarr could greatly improve security,
> especially for fields where fckeditor is used.
>

I'll second that. I remember when suggesting to filter input in Dolibarr
2, I was answered (at the time) that the users of Dolibarr were generally
reliable and that there was no need for filtering. I hope this has changed
:-)

We use HTMLPurifier in Chamilo LMS, and with very good results, but beware
that it is a *huge* CPU consumer. So much that we actually had to disable
some of its filtering features.
I don't think it would impact much in Dolibarr as the number of
simultaneous users is relatively low, but it's good to know.

Cheers,

Yannick
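The filtering discussed above, as an added example (not code from this thread, from Dolibarr or from Chamilo): a whitelist sanitiser for rich-text fields built on HTMLPurifier's public API, with the definition cache enabled, which is the setting that decides most of the CPU cost Yannick mentions. The function names and the cache path are assumptions; the library calls and configuration keys are HTMLPurifier's own.

```php
<?php
// Added example, not Dolibarr's or Chamilo's code. Assumes HTMLPurifier's
// HTMLPurifier.auto.php is on the include path (it registers the autoloader).
require_once 'HTMLPurifier.auto.php';

function build_purifier(string $cacheDir): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Whitelist: only the tags and attributes a rich-text field needs survive;
    // anything else (script, img, iframe, on* handlers, style) is dropped.
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,ul,ol,li,a[href],blockquote');
    // Only these URI schemes are kept in href; a javascript: link loses its href.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    $config->set('Core.Encoding', 'UTF-8');
    // The CPU caveat from the thread: without a writable serializer cache, the
    // HTML/CSS/URI definitions are rebuilt on every request. Point it at a
    // directory the web server can write to (placeholder path below).
    $config->set('Cache.SerializerPath', $cacheDir);
    return new HTMLPurifier($config);
}

function clean_rich_text(HTMLPurifier $purifier, string $dirty): string
{
    return $purifier->purify($dirty);
}

// Constructed sample input: the kind of markup a rich-text form can receive.
$dirty = '<p onmouseover="alert(1)">Hello <b>world</b></p>'
       . '<script>alert(1)</script>'
       . '<a href="javascript:alert(1)">click</a>'
       . '<img src="x" onerror="alert(1)">';

// Placeholder cache directory; it must exist and be writable by the web server.
$purifier = build_purifier('/path/to/writable/htmlpurifier-cache');
echo clean_rich_text($purifier, $dirty), PHP_EOL;
// The script and img elements and every event-handler attribute are removed,
// and the javascript: href is dropped because its scheme is not allowed.
```

Build the purifier once per request rather than per field, since constructing it is the expensive part; the `purify()` call itself is comparatively cheap.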
