ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

bug or setting?

April 19, 2011 4:02pm

  • #1 / Apr 19, 2011 4:02pm

    vlad

    213 posts

    Hello my Gurus,

    I am running the latest version of ExpressionEngine: Version 2.1.3 Build 20101220

    I want to allow users to embed a YouTube video in the comments.

    I set the channel comment settings to

    Comment Text Formatting   none
    Comment HTML Formatting   allow all HTML

    Yet the ‘<’ and ‘>’ in the comments are being converted to the HTML code.

    Any idea why?

    Thanks

  • #2 / Apr 20, 2011 12:22am

    Lisa Wess

    20502 posts

    Hi, vlad - this is a security filter to disallow potentially dangerous input on more open user-inputted areas (the same thing happens on the wiki). If you do want to allow this, you would need to code your own extension to deal with it. Or perhaps something like Disqus may be a better option for that kind of rich media in comments.

    Does that help?

  • #3 / Apr 20, 2011 1:15am

    vlad

    213 posts

    Thanks Lisa, I just need a solid answer for the client. I don’t like the idea of someone being able to inject script using < > either. It’s a huge vulnerability, but the question had to be raised.

    Thank you,
    V

  • #4 / Apr 20, 2011 5:32am

    John Henry Donovan

    12339 posts

    Thanks vlad_i. Closing this one out. Feel free as always to start a new thread if you have any more questions.
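
An added example, not part of the thread and not ExpressionEngine code: one way to get video embeds without turning off the escaping discussed above is to keep escaping every comment and generate the iframe server-side from a validated YouTube URL. The function names, the sample comment and the 11-character ID pattern are assumptions made for this illustration.

```php
<?php
// Added example; function names are hypothetical and this is not ExpressionEngine code.

// Return the video ID from a YouTube watch/short URL, or null if anything is off.
// Assumption: video IDs are 11 characters from [A-Za-z0-9_-].
function youtube_id_from_url(string $url): ?string
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    $host = strtolower($parts['host']);
    $path = $parts['path'] ?? '';
    $id = null;
    if ($host === 'youtu.be') {
        $id = ltrim($path, '/');
    } elseif (in_array($host, ['youtube.com', 'www.youtube.com'], true) && $path === '/watch') {
        parse_str($parts['query'] ?? '', $query);
        $id = $query['v'] ?? null;
    }
    return (is_string($id) && preg_match('/\A[A-Za-z0-9_-]{11}\z/', $id) === 1) ? $id : null;
}

// Escape every line of the comment; a line that is only a valid YouTube URL
// becomes an iframe whose src is built from the validated ID, never from user markup.
function render_comment(string $raw): string
{
    $out = [];
    foreach (preg_split('/\R/', $raw) as $line) {
        $id = youtube_id_from_url(trim($line));
        $out[] = $id !== null
            ? '<iframe width="560" height="315" src="https://www.youtube.com/embed/' . $id
                . '" allowfullscreen></iframe>'
            : htmlspecialchars($line, ENT_QUOTES, 'UTF-8');
    }
    return implode("<br>\n", $out);
}

// Constructed sample comment: plain text, an embed line, and raw markup.
$sample = "Nice article!\nhttps://www.youtube.com/watch?v=AAAAAAAAAAA\n<script>alert(1)</script>";
echo render_comment($sample), "\n";
```

The only markup that reaches the page is the iframe the server writes itself; anything the commenter typed, including angle brackets, is still output as escaped text.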
