By DeFr on
Change record status:
Published (View all published change records)
Project:
Introduced in branch:
7.x-1.x
Introduced in version:
7.x-1.0-beta4
Issue links:
Description:
In version up to and including the 7.x-1.0-beta3 version, the Multimedia Editorial Element module, part of Scald, was doing the conversion from a normalized version, stored in the database, to the fully rendered HTML markups too early in the field rendering process, before the user input was sanitized according to the input filter configuration.
This means that, as a site administrator, before the 7.x-1.0-beta4 version, to get e.g. DailyMotion videos to show, the input filter needed to be tweak to allow the
tag. This is no longer necessary in the beta4 release, and isn't recommended, because it allows potentially untrusted contributors to embeds malicious scripts instead of being restricted to the markup of the videos added as atoms to the site. If you are a site administrator and added those tags to your input filters to get your videos to show, it's recommended to remove them after the upgrading to Scald 7.x-1.0-beta4Impacts:
Site builders, administrators, editors
