Wich code allowed AllowCode option?
I haven't got a clue, wich code allowed #AllowCode option. PHP-code? For wich engine? I would like you to give me an answer on this issue .
BTW: It is a pity, that Hubzilla cann't search for AllowCode in the Hubzilla-docu. With this query https://duckduckgo.com/?q=site%3Ahubzilla.top+AllowCode get I any reply for AllowCode-question :-|.
@Hubzilla Support Forum+
BTW: It is a pity, that Hubzilla cann't search for AllowCode in the Hubzilla-docu. With this query https://duckduckgo.com/?q=site%3Ahubzilla.top+AllowCode get I any reply for AllowCode-question :-|.
@Hubzilla Support Forum+
Sure it can. Enter '?allowcode' in the search box to search in documentation
In 2.4RC I get no results, and mostly the docu search is broken now because of my restructuring of the docu months ago. I still have not fixed the search problem because honestly I just forgot about it. That is an important feature so I will work on fixing that.
Sure it can. Enter '?allowcode' in the search box to search in documentation, or 'allowcode' to search in posts. I get results for both of these, but admittedly they aren't very good. I get no results at all for the ddg search.
Anyway, by default all channels are 'filtered' so that they cannot enter any executable code - be it php, or javascript embedded in html or css. If you provide 'allowcode' rights to their channel they completely bypass this filter and can create webpages and blocks using php or javascript - and they can even include javascript inside markdown pages for example. So basically they are unfiltered for malicious content. They won't be able to export this content to other systems unless the receiving channel has codeallowed access also. This used to be a toggle 'per account' but as of 2.4 I believe it has been turned into a channel only setting; which can be set at the admin/channel page. If you have a legacy 'account codeallowed' setting it will no longer be honoured. This gave unfiltered access to all your channels but this is a bad idea. The ability to do malicious activities should be carefully allowed and with the account level option it was too easy to accidentally give it to (for instance) a forum channel and present unnecessary security risks.