m (moved CKFinder/Developers Guide/ColdFusion/Configuration/Security/Html extensions to CKFinder 1.x/Developers Guide/ColdFusion/Configuration/Security/Html extensions) |
|
(No difference)
|
Latest revision as of 07:46, 28 May 2010
Sometimes when you're uploading a file it may have an html code in the first KB of its data. The CKFinder will upload the file with the html code only when the file extension is written in the following section:config.htmlExtensions = 'html,htm,xml,js';So for example: if you want to upload a .xsl file which has a html code in the beginning, you should add its the extension to the list.
config.htmlExtensions = 'html,htm,xml,xsl,js';This function secures your server from the attack of the Universal XSS / MIME Type detection.