This is a totally minor "problem", but the perfectionist in me refuses to accept the critical security flaw my Acquia Dashboard is telling me I have.

I have an end-user text format setup with the filter provided by the WYSIWYG Filter module ( http://drupal.org/project/wysiwyg_filter ) enabled and configured. Yet I'm being told there's a security issue as I'm not enabling the poorly configurable HTML Filter.

I know I could just click on "ignore", but that just feels wrong.

Any update on this would be greatly appreciated. :)

Comments

coltrane’s picture

coltrane
he/him
CreditAttribution: coltrane commented
Status: Active » Postponed

I would agree with you. We can make the check a little more thorough for things like this. Stay tuned.

forssto’s picture

forssto CreditAttribution: forssto commented

Thank you very much!

PQ’s picture

PQ CreditAttribution: PQ commented
Issue summary: View changes

Possibly this could be split into a couple of tests. One critical text for allowing script, embed, iframe, etc tags and one minor for things like images.

I don't actually understand why things like div, span and table are on the list at all. If there is a genuine reason then fair enough, otherwise maybe these could be dropped from the test altogether.

PQ’s picture

PQ CreditAttribution: PQ commented
Status: Postponed » Active

Just putting this back into active in order to be appraised by you guys. Feel free to move back to postponed if this can't be looked at presently.

Dane Powell’s picture

Dane Powell CreditAttribution: Dane Powell at Acquia commented
Status: Active » Closed (won't fix)

This branch of Acquia Connector is no longer supported, per the version policy on the project homepage. As such, I'm tentatively closing this issue.

If this issue still applies to a supported branch (currently 7.x-3.x, 8.x-1.x, or 8.x-2.x), please reopen and select the new target version. Thanks!