Insert Node Security Considerations

Although access to the node and its comments is checked, it is a good idea to treat this module as a security risk, since it gives users a way to display nodes otherwise forbidden to them.

Because a lot of the data is used unfiltered, it is strongly suggested that you pay very close attention to the order of your filters. If you make this module available to your users (i.e. they can select an Input filter that includes this specific filter), then look into checking the HTML code after this filter. Otherwise, a user could inject some unwanted HTML code [1].

  • 1. Of course, the inclusion of a node should only bring in the HTML code that comes from that other node, which may be considered safe in that other node, but only because it uses a safe filter!
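
The filter-ordering point above, as a simplified model added here (it is not the module's code and does not use the Drupal API). The `[node:N]` tag syntax, the node store, the allowlist checker and all function names are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample: node 2 was saved under a permissive input format.
NODES = {2: "<p>Report</p><script>alert(1)</script>"}

def insert_node_filter(text):
    """Model of the insert filter: expands [node:N] with the raw node body."""
    return re.sub(r"\[node:(\d+)\]",
                  lambda m: NODES.get(int(m.group(1)), ""), text)

class _Allowlist(HTMLParser):
    """Keeps allowlisted tags (attributes dropped), escapes all other text."""
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.skip = allowed, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed:
            self.out.append(f"<{tag}>")
        elif tag in ("script", "style"):
            self.skip += 1              # drop the element's content as well

    def handle_endtag(self, tag):
        if tag in self.allowed:
            self.out.append(f"</{tag}>")
        elif tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))

def html_check_filter(text):
    """Model of an HTML-checking filter placed in the same input format."""
    parser = _Allowlist({"p", "b", "em"})
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

def render(text, filters):
    """Apply the filters in order, the way an input format's weights would."""
    for f in filters:
        text = f(text)
    return text

POST = "<p>See also:</p>[node:2]"   # constructed user post
print(render(POST, [html_check_filter, insert_node_filter]))  # check runs too early
print(render(POST, [insert_node_filter, html_check_filter]))  # check runs last
```

With the HTML check first, the `[node:2]` tag passes through as plain text and the inserted markup is never checked; with the check after the insert filter, the inserted markup is checked along with the rest of the post.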