Insert an image in the signature …
Quote from Elwood on June 12, 2017, 5:10 pmHello, after checking “Allow signatures” in the functionality.
I can not make my images appear in the signature.
I obey this:
Can you tell me where the problem is?
Hello, after checking “Allow signatures” in the functionality.
I can not make my images appear in the signature.
I obey this:
Can you tell me where the problem is?
Uploaded files:Quote from Elwood on June 12, 2017, 5:35 pmI tried, but I can not get this button {…} in my tools.
I’m not very good at coding … sorry.I will try again …
But thank you very much for your response.
I tried, but I can not get this button {…} in my tools.
I’m not very good at coding … sorry.
I will try again …
But thank you very much for your response.
Quote from Asgaros on June 13, 2017, 1:46 pmThe problem with HTML in signatures is the following: If I allow certain tags like the one for images, people will start to ask that I should allow other tags (bold/divs/etc) as well – which will be hard to maintain.
Another solution would be to just allow HTML by default. But this means, that users can also include iframes, scripts etc which is a huge security-problem. This is the reason why you should never allow users to add their own code to your website.
Even when I only allow images, this could be a problem as well. In the past there were some security issues where users could link to an image file which in reality was not an image at all. And because of bugs in certain browsers, some malicious code inside those fake-images could run on the machines of the users who visited your website.
In a couple of countrys there are laws (for example in germany) where the owner of a website is responsible for the content which is generated there by his users. Now imagine what will happen, if such content can be used to infect other users. Thats one of the reasons why I want to avoid that kind of stuff by all costs because it would be a security issue by design.
What I can do is to add a filter which allows you to modify (e.g. unescape) the content of a signature again so that HTML-tags will get rendered.
The problem with HTML in signatures is the following: If I allow certain tags like the one for images, people will start to ask that I should allow other tags (bold/divs/etc) as well – which will be hard to maintain.
Another solution would be to just allow HTML by default. But this means, that users can also include iframes, scripts etc which is a huge security-problem. This is the reason why you should never allow users to add their own code to your website.
Even when I only allow images, this could be a problem as well. In the past there were some security issues where users could link to an image file which in reality was not an image at all. And because of bugs in certain browsers, some malicious code inside those fake-images could run on the machines of the users who visited your website.
In a couple of countrys there are laws (for example in germany) where the owner of a website is responsible for the content which is generated there by his users. Now imagine what will happen, if such content can be used to infect other users. Thats one of the reasons why I want to avoid that kind of stuff by all costs because it would be a security issue by design.
What I can do is to add a filter which allows you to modify (e.g. unescape) the content of a signature again so that HTML-tags will get rendered.