Here's the security notice in the default content.ini file, so you're warned:
The class 'html' is disabled by default because it gives editors the possibility to insert html and javascript code in XML blocks. Don't enable the 'html' class unless you really trust all users who has privileges to edit objects containing XML blocks.
In ezp 3.8.3 ( ezpublish-3.8.3-gpl.tar.bz2), content.ini contains:
[literal] AvailableClasses[]=html
but ezp 3.8.4 (ezpublish-3.8.4-gpl.tar.bz2) contains:
[literal]
AvailableClasses[]
# The class 'html' is disabled by default because it gives editors the
# possibility to insert html and javascript code in XML blocks.
# Don't enable the 'html' class unless you really trust all users who has
# privileges to edit objects containing XML blocks. #AvailableClasses[]=html
It's for this reason I didn't face this problème with my 3.8.3 site.
Regards
Pascal
Ce qui embellit le désert c'est qu'il cache un puits... quelque part... (A. de Saint-Exupéry) - http://luxpopuli.fr/eZ-Publish
We have to upgrade the version of PHP and the ezPublish have to been upgrade too. I upgrade the version 3.6 to 3.7. When I try to enter I have this message :<b>"Using tag 'literal' with class 'html' is not allowed".</b>
What I have to change to the ezPublish go right? I try to make all that I seen on the forums but I doen't have any exit.
Please. Someone knows how to resolve this problem
Thanks
You must be logged in to post messages in this topic!