Make fields check more useful with risky content (allowlist of content?)

Created on 29 February 2016, almost 9 years ago
Updated 31 January 2023, almost 2 years ago

The security_review_check_field check finds all content with php or script in it, which makes it not very useful for a site that needs to periodically insert that content, e.g. for a video or demonstration code.

It would be possible to make the check more useful if content could be ignored, somehow. I think this might be best achieved with an allowlist of entity ids defined in a hook that lists the entity id, field, and the md5 of the content that is acceptable. This makes it a little harder to edit content, but should help keep sites secure.

✨ Feature request

Status: Fixed
Version: 2.0
Component: Code
Created by: 🇺🇸 United States greggles Denver, Colorado, USA
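
A sketch of the allowlist idea from the request above, added here as an illustration; it is not code from the Security Review module. The function names, the `entity_type:entity_id:field` key layout and the sample content are assumptions; md5 is used because the request names it, and `hash('sha256', ...)` drops in the same way.

```php
<?php
// Added illustration: names and allowlist layout are hypothetical, not the module's API.

/**
 * Allowlist: "entity_type:entity_id:field" => md5 of the reviewed field value.
 * In the proposal this map would come from a hook implementation.
 */
function example_field_allowlist(): array {
  // Constructed sample: node 42 carries a reviewed video embed.
  $reviewed = '<script src="https://video.example.com/embed.js"></script>';
  return ['node:42:body' => md5($reviewed)];
}

/**
 * Drops findings whose current content still matches the reviewed hash.
 *
 * @param array $findings Each item: entity_type, entity_id, field, content.
 * @param array $allowlist Map as returned by example_field_allowlist().
 * @return array Findings that still need a human to look at them.
 */
function example_filter_findings(array $findings, array $allowlist): array {
  $remaining = [];
  foreach ($findings as $finding) {
    $key = "{$finding['entity_type']}:{$finding['entity_id']}:{$finding['field']}";
    $expected = $allowlist[$key] ?? NULL;
    // An absent entry never matches; a present one must match the exact content.
    if ($expected !== NULL && hash_equals($expected, md5($finding['content']))) {
      continue;
    }
    $remaining[] = $finding;
  }
  return $remaining;
}

// Constructed findings, shaped as a field check might report them.
$findings = [
  // Reviewed content, unchanged: suppressed.
  ['entity_type' => 'node', 'entity_id' => 42, 'field' => 'body',
   'content' => '<script src="https://video.example.com/embed.js"></script>'],
  // Same field after a later edit: hash no longer matches, so it is flagged again.
  ['entity_type' => 'node', 'entity_id' => 42, 'field' => 'body',
   'content' => '<script src="https://video.example.com/embed.js"></script><script>x()</script>'],
  // Entity that was never allowlisted: flagged.
  ['entity_type' => 'node', 'entity_id' => 7, 'field' => 'body',
   'content' => '<?php echo "demo"; ?>'],
];

foreach (example_filter_findings($findings, example_field_allowlist()) as $f) {
  printf("%s %d %s still flagged\n", $f['entity_type'], $f['entity_id'], $f['field']);
}
```

Pinning the hash rather than only the entity id is what makes the allowlist safe to keep: any edit to the field, legitimate or not, brings the finding back until someone reviews it and updates the hash.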
