Welcome to the LimeSurvey Community Forum

XSS filter blocking videos from inside limesurvey

3 years 11 months ago #199456 by LarryF
Hello.

We have found that when the XSS filter is activated users cannot insert videos, even if they are imported in LS.

We are using version 3.17.1

Is this a normal behaviour ?
I can't deactivate the XSS filter globally since there are many users, is there a way around this ?

Thank you for your help.
The topic has been locked.
3 years 11 months ago #199479 by jelo

LarryF wrote: Is this a normal behaviour?

As far as I have followed discussions about the XSS concept and developer opinions, this can be seen as intended behaviour for LimeSurvey. I still find that strange. But developers want to ease the filter issues with a control on userlevel.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
3 years 11 months ago #199503 by DenisChenu
No,

I think video is allowed even with XSS. I think you can report the issue.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development.
I don't answer to private message.
3 years 11 months ago #199518 by jelo

DenisChenu wrote: I think you can report the issue

A report uploaded videos inside LimeSurvey not running without XSS disabled is open since 2017.
bugs.limesurvey.org/view.php?id=12560

I don't follow these XSS issues closely, cause I never have issues with XSS (cause the filter is disabled).

3 years 11 months ago #199525 by LarryF
Thanks for your answers.

jelo wrote: But developers want to ease the filter issues with a control on userlevel.

Do you know if this has been implemented in the 4.x ?
3 years 11 months ago #199528 by DenisChenu

jelo wrote:

DenisChenu wrote: I think you can report the issue

A report uploaded videos inside LimeSurvey not running without XSS disabled is open since 2017.
bugs.limesurvey.org/view.php?id=12560

I don't follow these XSS issues closely, cause I never have issues with XSS (cause the filter is disabled).

Yes, and the issue was not closed …

3 years 11 months ago #199533 by jelo

LarryF wrote: Do you know if this has been implemented in the 4.x ?

I don't know. XSS filter concept is constantly discussed.
E.g. bugs.limesurvey.org/view.php?id=15096

I still don't see LS4 ready for production level usage.

Your use case is to allow people to upload video/audio files into LimeSurvey and conduct surveys with working videos/audio files.

The funny thing is, that LS4 restricts access to the filemanager to superadmins.

You cannot upload videos and audio files anymore - that's what I will put down (at least not easily via GUI).
I cannot recreate the other issue: to access file manager, you must be superadmin.

bugs.limesurvey.org/view.php?id=15935#c56307


Personally I don't see LimeSurvey 3/4 as very suitable for a multi-user environment, where users can only be trusted to a limited extent.

The following user(s) said Thank You: LarryF
3 years 11 months ago #199534 by LarryF
Well that's a bummer.

We'll just have to work around it while it's still a feature.

Thanks again.