- Posts: 24
- Thank you received: 2
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
XSS filter blocking videos from inside limesurvey
- LarryF
- Topic Author
- Offline
- Junior Member
Less
More
3 years 11 months ago #199456
by LarryF
XSS filter blocking videos from inside limesurvey was created by LarryF
Hello.
We have found that when the XSS filter is activated users cannot insert videos, even if they are imported in LS.
We are using version 3.17.1
Is this a normal behaviour ?
I can't deactivate the XSS filter globally since there are many users, is there a way around this ?
Thank you for your help.
We have found that when the XSS filter is activated users cannot insert videos, even if they are imported in LS.
We are using version 3.17.1
Is this a normal behaviour ?
I can't deactivate the XSS filter globally since there are many users, is there a way around this ?
Thank you for your help.
Attachments:
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
3 years 11 months ago #199479
by jelo
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic XSS filter blocking videos from inside limesurvey
As far as I have followed discussions about the XSS concept and developer opinons, this can be seen as intended behaviour for LimeSurvey. I still find that strange. But developers want to ease the filter issues with a control on userlevel.LarryF wrote: Is this a normal behaviour?
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13597
- Thank you received: 2487
3 years 11 months ago #199503
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic XSS filter blocking videos from inside limesurvey
No,
I think viodeo is allowed even with XSS. I think you can report the issue
I think viodeo is allowed even with XSS. I think you can report the issue
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
3 years 11 months ago #199518
by jelo
bugs.limesurvey.org/view.php?id=12560
I don't follow these XSS issues closely, cause I never have issues with XSS (cause the filter is disabled).
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic XSS filter blocking videos from inside limesurvey
A report uploaded videos inside LimeSurvey not running without XSS disabled is open since 2017.DenisChenu wrote: I think you can report the issue
bugs.limesurvey.org/view.php?id=12560
I don't follow these XSS issues closely, cause I never have issues with XSS (cause the filter is disabled).
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
- LarryF
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 24
- Thank you received: 2
3 years 11 months ago #199525
by LarryF
Replied by LarryF on topic XSS filter blocking videos from inside limesurvey
Thanks for your answers.
Do you know if this has been implemented in the 4.x ?jelo wrote: But developers want to ease the filter issues with a control on userlevel.
The topic has been locked.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13597
- Thank you received: 2487
3 years 11 months ago #199528
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic XSS filter blocking videos from inside limesurvey
Yes, and the issue was not closed …jelo wrote:
A report uploaded videos inside LimeSurvey not running without XSS disabled is open since 2017.DenisChenu wrote: I think you can report the issue
bugs.limesurvey.org/view.php?id=12560
I don't follow these XSS issues closely, cause I never have issues with XSS (cause the filter is disabled).
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
The topic has been locked.
- jelo
- Offline
- Platinum Member
Less
More
- Posts: 5033
- Thank you received: 1257
3 years 11 months ago #199533
by jelo
E.g. bugs.limesurvey.org/view.php?id=15096
I still don't see LS4 ready for production level usage.
Your user case is to allow people to upload video/audio files into LimeSurvey and conduct surveys with working videos/audio files.
The funny thing is, that LS4 restricts access to the filemanager to superadmins.
Personally I don't see LimeSurvey 3/4 very suitable for a multi-user-environment, where users can only be trusted limited.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Replied by jelo on topic XSS filter blocking videos from inside limesurvey
I don't know. XSS filter concept is constantly discussed.LarryF wrote: Do you know if this has been implemented in the 4.x ?
E.g. bugs.limesurvey.org/view.php?id=15096
I still don't see LS4 ready for production level usage.
Your user case is to allow people to upload video/audio files into LimeSurvey and conduct surveys with working videos/audio files.
The funny thing is, that LS4 restricts access to the filemanager to superadmins.
bugs.limesurvey.org/view.php?id=15935#c56307You cannot upload videos and audio files anymore - that's what I will put down (at least not easily via GUI).
I cannot recreate the other issue: to access file manager, you must be superadmin.
Personally I don't see LimeSurvey 3/4 very suitable for a multi-user-environment, where users can only be trusted limited.
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The following user(s) said Thank You: LarryF
The topic has been locked.
- LarryF
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 24
- Thank you received: 2
3 years 11 months ago #199534
by LarryF
Replied by LarryF on topic XSS filter blocking videos from inside limesurvey
Well that's a bummer.
We'll just have to work around it while it's still a feature.
Thanks again.
We'll just have to work around it while it's still a feature.
Thanks again.
The topic has been locked.