How to safely add page content via CMS?
If I were to build a custom CMS that allowed someone to log in and build a page using a WYSIWYG would it be possible to make it secure and allow JavaScript code in the content? There a开发者_如何学Gore times where someone wants to add a video embed code or a widget that grabs an RSS feed, these embed codes and widgets are in JavaScript. So how do I allow them to add that to their page through a CMS? My main concern is XSS/vulnerabilities.
You could store tags with references to widgets in your rich text content, like <video>id</video>
, and render the javascript only in frontend... or you could choose to use any of the modern CMS's out there with plugins for video and widgets that already solved the problem for you.
精彩评论