Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Filter HTML for XSS cant be deaktivated

  • StefanBasen
  • StefanBasen's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
8 years 6 months ago #124590 by StefanBasen
Filter HTML for XSS cant be deaktivated was created by StefanBasen
Hello,

well i tried to deaktivate the Filter HTML for XSS because im using some functions in many Questions that used by html. As long as this is on the code wont work. So i tried with the highest Admin Account to deactivate this Filter in the Security Options. But when im Click Save or Save & Close and going into that Security Settings again, the Filter is set back to Activated. So why the Hell does this keep active?

Please i need help on that :(

Thanks
The topic has been locked.
  • holch
  • holch's Avatar
  • Away
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
8 years 6 months ago #124593 by holch
Replied by holch on topic Filter HTML for XSS cant be deaktivated
Where do you host? Self-hosted? Limeservice? University?

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

The topic has been locked.
  • StefanBasen
  • StefanBasen's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
8 years 6 months ago #124595 by StefanBasen
Replied by StefanBasen on topic Filter HTML for XSS cant be deaktivated
Self-Hosted
The topic has been locked.
  • holch
  • holch's Avatar
  • Away
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
8 years 6 months ago - 8 years 6 months ago #124596 by holch
Replied by holch on topic Filter HTML for XSS cant be deaktivated
And which version are you using?
Could you deactivate the filter before or is this the first time you try?

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

Last edit: 8 years 6 months ago by holch.
The topic has been locked.
  • StefanBasen
  • StefanBasen's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
8 years 6 months ago #124599 by StefanBasen
Replied by StefanBasen on topic Filter HTML for XSS cant be deaktivated
Version 2.06+ Build 150619

Yeah i could deactivate it before. We had a Test Survey running for about 3 Weeks now. In this Survey i used html code at some places . The codes does, that the last dropdown menu becomes a checkbox. Everything worked fine and now the Survey was copied for the full live thing. I recognized that the code in those questions was gone and after i reaplied it the Question showed the full html code. Ahh okay Filter thing in Security...tried to turn it off but everytime i save or say save & quit its back on active.
The topic has been locked.
  • holch
  • holch's Avatar
  • Away
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
8 years 6 months ago #124601 by holch
Replied by holch on topic Filter HTML for XSS cant be deaktivated
So you logged in as the superadministrator (the one that first setup the Limesurvey installation) and you still can't switch this off?

Here in my 2.06 installation the filter is off and there is no problem. So I am not sure if this is general bug our just something that has to do with your installation.

So this happened just out of the blue? No changes made to the installation, no upgrade, etc?

By the way, 150619 isn't the latest built of Limesurvey.

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

The topic has been locked.
  • StefanBasen
  • StefanBasen's Avatar Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
8 years 6 months ago #124602 by StefanBasen
Replied by StefanBasen on topic Filter HTML for XSS cant be deaktivated
Yeah superadmin and even with that Account it changes back to active. Im also not sure where and why this is happening. Didnt changed anything on serverside or inside the installation.
The topic has been locked.
  • holch
  • holch's Avatar
  • Away
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
8 years 6 months ago #124606 by holch
Replied by holch on topic Filter HTML for XSS cant be deaktivated
Try to empty your browser cache and try also a different browser. When we can eliminate that something got stuck in the interface, then maybe it makes sense to file a bug report.

I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.

The topic has been locked.
More
4 years 3 weeks ago #194966 by colmsjo
Replied by colmsjo on topic Filter HTML for XSS cant be deaktivated
I'm having the same problem (Version 4.1.7+200224, tried to empty the cache). I ended up setting filterxsshtml in lime_settings_global in the db manually to 0.

Seams like a bug, is there a fix (other workaround)?
The topic has been locked.
  • tpartner
  • tpartner's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 3 weeks ago #194970 by tpartner
Replied by tpartner on topic Filter HTML for XSS cant be deaktivated
@colmsjo, please remove links and references to websites from your signature. That is not allowed unless you are a registered partner.

Cheers,
Tony Partner

Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
The topic has been locked.
More
4 years 3 weeks ago #194990 by colmsjo
Replied by colmsjo on topic Filter HTML for XSS cant be deaktivated
ok, and do you have an answer to the question?
The topic has been locked.
  • tpartner
  • tpartner's Avatar
  • Offline
  • LimeSurvey Community Team
  • LimeSurvey Community Team
More
4 years 3 weeks ago #194994 by tpartner
Replied by tpartner on topic Filter HTML for XSS cant be deaktivated
No, or I would have given it. :)

I cannot reproduce the problem. Are you logged in a super-admin?

Cheers,
Tony Partner

Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose