Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

WYSIWYG editor plugin - a major security vulnerability ?

edited December 2012 in Vanilla 2.0 - 2.8

By default there is only a plain text post editor. But in the dashboard there is a WYSIWYG plugin by Mirabilia Media.
The thing is, it allows to edit the HTML of a post. Does this mean that enabling it exposes the site to a wide range of injection attacks?


Sign In or Register to comment.