|
|
@ tibor.pacalat : same than some other feature request.
Have a prospect, if quote is OK : I take it.
The alternative is to create a plugin, but
- I think it can be interesting for all
- Less difficult to integrate in core (less code)
- Integrate in core allow update GUI settings
|
|
|
|
From Carsten:
I don't think it should be implemented that way, but instead a user permission should be created for this. |
|
|
|
From global settings to User Permission ?
Leaving global settings for the default value ?
BUT we still have the same issue for superadmin ! |
|
|
|
Better name for option : filterxsshtml_forcedall maybe ?
Still compatible needed if we allow Permission, but then permission are not needed (must be hidden/disable for UX) |
|
|
|
@c_schmitz
I don't think it should be implemented that way, but instead a user permission should be created for this.
This is another issue.
Here the desired behavior is Nobody can add script tag even superadmin.
Since superadmin have all permission : adding a new permission didn'(t fix the issue.
Proposition :
filterxsshtml_forcedall by config.php only : if it's true : superamin have their content filters for XSS like simple user. The settings can not be disabled in settings and a differe,t text is showndisablescriptwithxss have same usage than today and can be enabled/disabled by superamdin but enablescriptwithxss_superadmin can be added but obnly via config.php |
|
|
|
OK,
I have the solution to do by plugin only if you don't want it |
|
|
|
Plugin and create a PR to have the plugin integrated in core :) |
|
|
|
|
|
|
|
enablescriptwithxss_superadmin and enablescriptwithxss_forcedsuperadmin
Not set : use GUI |
|
|
|
Did we need filterxsshtml_allowforcedsuperadmin if filterxsshtml_forcedall
https://gitlab.com/SondagesPro/coreAndTools/EnableXssForAll/-/blob/main/EnableXssForAllWebUser.php?ref_type=heads#L20
I think we can set (maybe) when install ? |
|
|
|
https://github.com/LimeSurvey/LimeSurvey/pull/4753 |
|
