History: Plugin Security

• «
• »

            ! Plugin Security

By default, Wiki Syntax is designed to be safer than HTML. If we let users just use any HTML & Javascript, some could do nasty things like [http://en.wikipedia.org/wiki/Cross-site_scripting|XSS].

Thus, when a plugin is potentially insecure, it must be approved by someone with appropriate permissions.

::{img src="img/wiki_up/tiki30_plugin_approval_01.png" class="reflect" align="center" rel=shadowbox[g];type=img;title=}:: 

The permissions involved are:

|| __Permission__ | __Description__
tiki_p_plugin_approve | Can approve plugin execution 
tiki_p_plugin_preview | Can execute unapproved plugin 
tiki_p_plugin_viewdetail | Can view unapproved plugin details 
||


!!! Plugin Approval

See ((Plugin Approval))


!!! Plugin Management
Plugins can be enabled or disabled on a site wide basis by an admin. So if you don't need it, turn it off.

{img src="dl35&display" align="center" class="reflect" imalign="center"} 
 


!! Alias
* (alias(Plugin Validation))