We have many articles that have embedded youtube videos in them. Whenever we edit these articles, SCP locks me out of my admin with the "The webmaster has forbidden your access to this site" error message.
Once I am able to get back in again (simply by opening another browser window and logging back in), I check the logs and there are XSS attack logs from my IP (which is whitelisted by the way).
This prevents us from editing any article which has an embedded youtube video.
attached is a photo of the log entry.
Clifton Murphy - Owner
Funny Bug Bees And Wood Works
Wont this also basically turn off XSS script checking and not provide protection from XSS attacks? Also there is no "Filter All Tags" drop down. There is a "Strip All Tags" drops down, is this what you meant?
Clifton Murphy - Owner
Funny Bug Bees And Wood Works
Wont this also basically turn off XSS script checking and not provide protection from XSS attacks?
No, there are many tags listed when you change the dropdown. Those tags are those most commonly used in attacks. Filtering all tags we get false positives if, as is your case, some editors add other tags (p tag for instance).
Also there is no "Filter All Tags" drop down. There is a "Strip All Tags" drops down, is this what you meant?