[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dolibarr-dev] Security improvement and new library

From: Yannick Warnier
Subject: Re: [Dolibarr-dev] Security improvement and new library
Date: Tue, 16 Sep 2014 00:24:49 +0100
User-agent: SquirrelMail/1.4.23 [SVN]

> Hello there,
> I had a look on This library clean up var against
> wished HTML tag.
> I think including this library in Dolibarr could greatly improve security
> especially for fields where fckeditor used.

I'll second that. I remember when suggesting to filter input in Dolibarr
2, I was answered (at the time) that the users of Dolibarr were generally
reliable and that there was no need for filtering. I hope this has changed

We use HTMLPurifier in Chamilo LMS, and with very good results, but beware
that it is a *huge* CPU consumer. So much that we actually had to disable
some of its filtering features.
I don't think it would impact much in Dolibarr as the number of
simultaneous users is relatively low, but it's good to know.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]