- Status changed to RTBC
almost 2 years ago 9:36pm 19 January 2023 - Status changed to Fixed
almost 2 years ago 10:19pm 19 January 2023 Automatically closed - issue fixed for 2 weeks with no activity.
The security_review_check_field check finds all content with php or script in it, which makes it not very useful for a site that needs to periodically insert that content, e.g. for a video or demonstration code.
It would be possible to make the check more useful if content could be ignored, somehow. I think this might be best achieved with an allowlist of entity ids defined in a hook that lists the entity id, field, and the md5 of the content that is acceptable. This makes it a little harder to edit content, but should help keep sites secure.
Fixed
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed - issue fixed for 2 weeks with no activity.