History: Plugin Security
Source of version: 14
Copy to clipboard
! Plugin Security
By default, Wiki Syntax is designed to be safer than HTML. If we let users just use any HTML & Javascript, some could do nasty things like [http://en.wikipedia.org/wiki/Cross-site_scripting|XSS].
Thus, when a plugin is potentially insecure, it must be approved by someone with appropriate permissions.
::{img src="img/wiki_up/tiki30_plugin_approval_01.png" class="reflect" align="center" rel=shadowbox[g];type=img;title=}::
The permissions involved are:
|| __Permission__ | __Description__
tiki_p_plugin_approve | Can approve plugin execution
tiki_p_plugin_preview | Can execute unapproved plugin
tiki_p_plugin_viewdetail | Can view unapproved plugin details
||
!!! Plugin Approval
See ((Plugin Approval))
!!! Plugin Management
Plugins can be enabled or disabled on a site wide basis by an admin. So if you don't need it, turn it off.
{img src="dl35&display" align="center" class="reflect" imalign="center"}
!! Alias
* (alias(Plugin Validation))
History
| Information | Version | |||||
|---|---|---|---|---|---|---|
| Marc Laporte | 17 | |||||
| Marc Laporte | 16 | |||||
| Marc Laporte | 15 | |||||
| luciash d' being 🧙 | 14 | |||||
| Xavier de Pedro added to another structure too | 13 | |||||
| Xavier de Pedro added to one structure | 12 | |||||
| Xavier de Pedro | 11 | |||||
| luciash d' being 🧙 Image Plugin modified by editor. | 9 | |||||
| luciash d' being 🧙 Image Plugin modified by editor. | 8 | |||||
| luciash d' being 🧙 | 7 | |||||
| Marc Laporte | 6 | |||||
| Marc Laporte Image Plugin modified by editor. | 5 | |||||
| Marc Laporte Image Plugin modified by editor. | 4 | |||||
| Marc Laporte | 3 | |||||
| Marc Laporte | 2 | |||||
| Marc Laporte | 1 | |||||