Forums / Setup & design / Using tag 'literal' with class 'html' is not allowed

Using tag 'literal' with class 'html' is not allowed

Author Message

Jeroen Sangers

Tuesday 17 October 2006 8:17:30 am

I have some articles in which I placed some HTML code using the <literal class="html"> element. Now that I review those articles, I see the text "Using tag 'literal' with class 'html' is not allowed." on my page. Has something changed related to the literal tag in the latest relaese?

Xavier Dutoit

Tuesday 17 October 2006 12:06:30 pm

Yes, new setting (security), that's disabled by default now.

You can reactivate it in the ini file.

X+

http://www.sydesy.com

Pascal France

Tuesday 24 October 2006 10:04:16 am

Hi,

I have just upgraded from 3.7.5 to 3.7.9 and now I have too:

Using tag 'literal' with class 'html' is not allowed

instead of the texts (in the front and backend)

What is the ini file Xavier speak about ?

And I don't understand what does mean this message because I use FCKeditor on my site, so I never use HTML code like <literal class="html">

Regards

Pascal

Ce qui embellit le désert c'est qu'il cache un puits... quelque part... (A. de Saint-Exupéry) - http://luxpopuli.fr/eZ-Publish

Kristof Coomans

Tuesday 24 October 2006 11:17:17 am

In content.ini.append.php, add:

[literal]
AvailableClasses[]=html

Here's the security notice in the default content.ini file, so you're warned:

The class 'html' is disabled by default because it gives editors the possibility to insert html and javascript code in XML blocks. Don't enable the 'html' class unless you really trust all users who has privileges to edit objects containing XML blocks.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Pascal France

Tuesday 24 October 2006 11:26:27 am

Hi,

Thanks a lot Kristof.

Nothing to fear, it's my own site and I'm the only redactor ;-)

Regards

Pascal

Ce qui embellit le désert c'est qu'il cache un puits... quelque part... (A. de Saint-Exupéry) - http://luxpopuli.fr/eZ-Publish

Pascal France

Tuesday 24 October 2006 11:38:25 am

Hi,

In ezp 3.8.3 ( ezpublish-3.8.3-gpl.tar.bz2), content.ini contains:

[literal]
AvailableClasses[]=html

but ezp 3.8.4 (ezpublish-3.8.4-gpl.tar.bz2) contains:

[literal]
AvailableClasses[]
# The class 'html' is disabled by default because it gives editors the
# possibility to insert html and javascript code in XML blocks.
# Don't enable the 'html' class unless you really trust all users who has
# privileges to edit objects containing XML blocks.
#AvailableClasses[]=html

It's for this reason I didn't face this problème with my 3.8.3 site.

Regards

Pascal

Ce qui embellit le désert c'est qu'il cache un puits... quelque part... (A. de Saint-Exupéry) - http://luxpopuli.fr/eZ-Publish

Gemma C R

Thursday 06 September 2007 2:41:21 am

We have to upgrade the version of PHP and the ezPublish have to been upgrade too. I upgrade the version 3.6 to 3.7. When I try to enter I have this message :<b>"Using tag 'literal' with class 'html' is not allowed".</b>

What I have to change to the ezPublish go right? I try to make all that I seen on the forums but I doen't have any exit.

Please. Someone knows how to resolve this problem

Thanks