[Typo3-dev] XML/OpenOffice/Office 2003 comp RTE
Robert Lemke
rl at robertlemke.de
Wed Nov 12 23:58:28 CET 2003
On Wed, 2003-11-12 at 23:01, Troels Kjær Rasmussen wrote:
> THE COOL THING WITH SXW FILES IS THAT IT STORES PICTURES, METADATA WITHIN THE SXW FILE -
> so no more uploading of pictures! - insert them where you want them, and they'll be stored
> right there in the sxw file
Hmm, I don't share your enthusiasm about an editor working directly with
sxw files. Just zip the uploads and the fileadmin folder and you also
have everything in one file - that's what sxw is, just a zip file.
Where's the advantage? Plus accessing a zip / sxw file for processing
the output to the frontend is really slow.
> + A BONUS: The reason why so many RTEs are simple still is security.
> RTEs are a MAJOR security risk, since you can hide all sorts of scripting
> in them. especially SQL-injects a.s.o. are dangerous.
There is no known way of injecting malicious code into TYPO3's RTE
because the whole input is being transformed.
> If the RTE however stored all its contents in sxw files, a lot of these
> security-issues would be eliminated, since everything is zipped up nicely
> in the sxw and can only do harm on client (not even sure it can do that)
Well, for me it's like having a bomb and wrapping it into gift wrap
paper - it just *seems* not dangerous anymore.
--
robert
"They placed me on this earth without a manual.
And i dare to say, i’m doing just fine without ;)"
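
The point argued in this message, that an sxw is only a zip container and the input still has to be transformed, shown as an added example that is not part of the original post or of TYPO3's code. The sample document is constructed in memory, the function names are hypothetical, and `html.escape` stands in for whatever transformation the rendering side applies.

```python
import html
import io
import zipfile
import xml.etree.ElementTree as ET

TEXT_NS = "http://openoffice.org/2000/text"  # OpenOffice.org 1.x text namespace
PAYLOAD = "<script>alert(1)</script>"        # constructed sample input

def build_sample_sxw(paragraph: str) -> bytes:
    """Build a minimal, constructed SXW-like zip holding one paragraph."""
    content = (
        '<office:document-content '
        'xmlns:office="http://openoffice.org/2000/office" '
        f'xmlns:text="{TEXT_NS}"><office:body>'
        f"<text:p>{html.escape(paragraph)}</text:p>"
        "</office:body></office:document-content>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("content.xml", content)
    return buf.getvalue()

def extract_paragraphs(sxw: bytes) -> list[str]:
    """Unzip content.xml and return the text of every text:p element."""
    # For real uploads use a hardened XML parser; this input is constructed.
    with zipfile.ZipFile(io.BytesIO(sxw)) as zf:
        root = ET.fromstring(zf.read("content.xml"))
    return ["".join(p.itertext()) for p in root.iter(f"{{{TEXT_NS}}}p")]

def render_raw(paragraphs: list[str]) -> str:
    """Frontend output with no transformation: the markup comes back live."""
    return "".join(f"<p>{p}</p>" for p in paragraphs)

def render_transformed(paragraphs: list[str]) -> str:
    """Frontend output with encoding applied (stand-in transformation)."""
    return "".join(f"<p>{html.escape(p)}</p>" for p in paragraphs)

if __name__ == "__main__":
    paras = extract_paragraphs(build_sample_sxw(PAYLOAD))
    print("stored in sxw :", paras)
    print("raw render    :", render_raw(paras))
    print("transformed   :", render_transformed(paras))
```

The container returns the stored text unchanged, so the output is only inert when the rendering step encodes or filters it.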