
osCommerce

The e-commerce.

products review vs products description


xvoyance


Why can products review not support HTML, but products description can?

Presumably it is intentionally disabled for products review?

Why?

So, how can I get them back?


Product descriptions are entered by the site owner/administrator. Presumably they are not going to insert malicious HTML code (tags) into their own site. Product reviews, on the other hand, are entered by customers and other random visitors. You would not want them to be able to enter HTML tags, because they could use that to insert malicious code. Rather than try to scrub out bad tags, they're simply disabled. I suppose a good compromise would be to support BBCode tags (in square brackets [ ]), or a certain basic set of HTML tags could be allowed, and everything else disabled. But unlimited HTML tags... never!


What kind of 'malicious' thing can I do with that? I have heard of it, but never known it. Without HTML the page format is ugly.

After all, the administrator can disapprove the review.


There are lots of HTML tags that can be put in, including <SCRIPT>, <OBJECT>, and <IFRAME>. In addition, CSS "style" attributes can be used to hide nasty content. Unless the review is held for review before posting, by the time the administrator gets around to looking at the review text's code itself, a lot of damage may have been done to your site or to innocent customers who read the "review". If the review is held pending review, and you're thorough about it, presumably you could disapprove anything suspicious.

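The compromise suggested in the thread (a small BBCode set, with every HTML tag disabled) can be sketched in PHP as follows. This is an added example, not osCommerce code and not from any poster; the function name `render_review`, the three allowed tags and the sample review text are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not part of osCommerce.

/**
 * Render customer-supplied review text for display.
 * All HTML typed by the visitor is escaped; only a fixed allowlist of
 * attribute-free BBCode tags is turned back into markup.
 */
function render_review(string $raw): string
{
    // 1. Escape first, so <script>, <object>, <iframe> and style="..."
    //    attributes are shown as literal text and never reach the browser as markup.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Allowlist (assumed set): BBCode name => HTML element.
    //    The replacement is built only from these constants, so no
    //    attribute or tag name is ever copied from visitor input.
    $allowed = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];

    foreach ($allowed as $bb => $html) {
        // Match balanced [tag]...[/tag] pairs only; unmatched tags stay as text.
        $pattern = '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is';
        $safe = preg_replace($pattern, "<$html>$1</$html>", $safe);
    }

    // 3. Keep the reviewer's line breaks so the page is not one block of text.
    return nl2br($safe);
}

// Constructed sample review: one allowed BBCode pair, plus the kinds of
// markup named in the thread, which must come out inert.
$sample = "[b]Great[/b] product!\n"
        . "<script>/* constructed */</script>"
        . "<iframe src=\"//example.invalid\"></iframe>"
        . "<p style=\"display:none\">hidden text</p>";

echo render_review($sample), "\n";
```

Escaping before expanding BBCode is what keeps the allowlist closed: anything not named in `$allowed` is displayed as plain text instead of being parsed by the browser.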

Archived

This topic is now archived and is closed to further replies.
