如何通过CMS安全添加页面内容?
如果我要构建一个自定义 CMS,允许某人使用 WYSIWYG 登录并构建页面,是否可以使其安全并允许内容中包含 JavaScript 代码?有时,有人想要添加视频嵌入代码或抓取 RSS 提要的小部件,这些嵌入代码和小部件采用 JavaScript。那么我如何允许他们通过 CMS 将其添加到他们的页面呢?我主要担心的是 XSS/漏洞。
If I were to build a custom CMS that allowed someone to log in and build a page using a WYSIWYG would it be possible to make it secure and allow JavaScript code in the content? There are times where someone wants to add a video embed code or a widget that grabs an RSS feed, these embed codes and widgets are in JavaScript. So how do I allow them to add that to their page through a CMS? My main concern is XSS/vulnerabilities.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以在富文本内容中存储引用小部件的标签,例如
,并仅在前端渲染 javascript...或者您可以选择使用以下任何一种现代 CMS 带有视频插件和小部件,已经为您解决了问题。You could store tags with references to widgets in your rich text content, like
<video>id</video>, and render the javascript only in frontend... or you could choose to use any of the modern CMS's out there with plugins for video and widgets that already solved the problem for you.