Javascript in content body

jaytoox · Post by **jaytoox** » Wed Aug 16, 2006 8:33 pm

I briefly searched this forum for the answer I am looking for with no luck.

How can I enable my phpmyfaq to not filter javascrpt I put in the content?

I have an image, and would like to insert javascript so it pops out in a new window at the correct size.

Thanks,

Joshua

Post by **Thorsten** » Thu Aug 17, 2006 6:19 am

Hi,

just remove the JavaScript filter in the file inc/init.php in the method PMF_Init::cleanRequest().

bye
Thorsten

remuze · Post by **remuze** » Tue Oct 03, 2006 2:51 pm

I can't find PMF_Init::cleanRequest in init.php

I'm using version 1.6.5

matteo · Post by **matteo** » Tue Oct 03, 2006 3:10 pm

Hi,
maybe you've been badly driven by the OOP syntax

that means:
- class PMF_Init
- method cleanRequest
So you'll find it declared as:

Code: Select all

function cleanRequest()

within the :

Code: Select all

class PMF_Init

You need to move this line from:

Code: Select all

				$newvalues = PMF_Init::removeXSSGPC($newvalues);

to:

Code: Select all

				//$newvalues = PMF_Init::removeXSSGPC($newvalues);

Beware that this simple change will expose you to XSS attacks. It would be wiser to customize a little bit the basicXSSClean function to avoid the cleaning of your desired tags.

Regards,
Matteo

remuze · Post by **remuze** » Tue Oct 03, 2006 4:26 pm

Very good answer for me, a beginner.

Thanx

remuze · Post by **remuze** » Tue Jun 12, 2007 7:02 pm

Is this still the same method in version 2.0.1 ?

Post by **Thorsten** » Tue Jun 12, 2007 7:03 pm

Hi,

yes.

bye
Thorsten