Forum Discussion

Philipp_Stadler
Jan 21, 2015

Handling of HTML editors

Hi all,

I have a question regarding HTML editors in multiple CMSs. If we want attack signatures and/or parameter meta-char checking, we constantly see violations because of the different HTML tags, etc. that the HTML editor includes in a POST parameter (i.e. changing article information as an authorized user). We have this issue on multiple CMSs and didn't really know how to fix it in a proper way. At the moment I turn off meta-char and signature checks for such parameters. Is there a good/better way without excessive work?

Thanks in advance, Philipp

1 Reply

  • My gut feeling is that the CMS is injecting code into your application, which means most signatures or character checking are useless ... I would suggest deactivating such checks for the URLs used to post by creating a wildcard parameter for them and removing signatures and meta characters.