Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This is a totally minor "problem", but the perfectionist in me refuses to accept the critical security flaw my Acquia Dashboard is telling me I have.
I have an end-user text format setup with the filter provided by the WYSIWYG Filter module ( http://drupal.org/project/wysiwyg_filter ) enabled and configured. Yet I'm being told there's a security issue as I'm not enabling the poorly configurable HTML Filter.
I know I could just click on "ignore", but that just feels wrong.
Any update on this would be greatly appreciated. :)
Comments
Comment #1
coltraneI would agree with you. We can make the check a little more thorough for things like this. Stay tuned.
Comment #2
forssto CreditAttribution: forssto commentedThank you very much!
Comment #3
PQ CreditAttribution: PQ commentedPossibly this could be split into a couple of tests. One critical text for allowing script, embed, iframe, etc tags and one minor for things like images.
I don't actually understand why things like div, span and table are on the list at all. If there is a genuine reason then fair enough, otherwise maybe these could be dropped from the test altogether.
Comment #4
PQ CreditAttribution: PQ commentedJust putting this back into active in order to be appraised by you guys. Feel free to move back to postponed if this can't be looked at presently.
Comment #5
Dane Powell CreditAttribution: Dane Powell at Acquia commentedThis branch of Acquia Connector is no longer supported, per the version policy on the project homepage. As such, I'm tentatively closing this issue.
If this issue still applies to a supported branch (currently 7.x-3.x, 8.x-1.x, or 8.x-2.x), please reopen and select the new target version. Thanks!