CRED 1.3.3 With Stability and Security Improvements
We just released a new bug fix version of CRED (1.3.3). It addresses an important security issue which allowed adding scripts and HTML tags to the content created by CRED forms.
To address this issue in the best possible way, we are now filtering out the script tags and we also added a new Content Filter section to the CRED Settings/Import page.
The Content Filter section allows you to choose HTML tags that are allowed for usage in the CRED forms on the front-end. Any other tags will be filtered out when submitting the forms.
You can read more about the new Content Filter section in our documentation, here.
Complete list of fixes and improvements:
- Fixed a security issue where users were allowed to add javascript code through CRED forms.
https://toolset.com/forums/topic/cred-html-enabled-in-input-fields-questions-about-that/ - Added the new “Content Filter” section to the CRED Settings/Import page which allows users to select HTML tags that are allowed for usage inside form fields.
https://toolset.com/forums/topic/cred-html-enabled-in-input-fields-questions-about-that/ - Removed deprecated arguments for maximum width and height of an image field.
https://toolset.com/forums/topic/creds-max_width-max_height-parameters-dont-seem-to-do-anything/ - Fixed Wrong font height for popular post tags.
Download and Update
You can download all Toolset components from your wp-types.com account.
Questions? Ideas? Suggestions? Leave your feedback here and we’ll reply.
Awesome! The content filter section is great! Thank you!!!
Can you please elaborate a little more so that everyone can understand the proper working of CRED (1.3.3).
Sorry for the late response. What information are you looking for? Please tell me and I will direct you to the right documentation page.
Hello,
I need ability to allow users to post iframe and embed tags since the field itself is related to video. How can I enable these tags? Can I use some filter hooks and which one?
Thanks
Hi Ljubisa,
I would suggest you to open a ticket for your question in our official forum, here:
https://toolset.com/forums/
This will ensure that you get an exact answer/help with any questions and problems you are struggling with or maybe you are just not sure about.
Let me try to provide a quick answer to your question. From what I understood:
– To allow the user to post iframe, you should probably create a custom shortcode
because iframes are filtered out by WordPress for security reasons.
– When we are talking about typical embedded video tags, it should be enough to put the video URL in a WYSIWYG editor and WordPress should do the rest.
I hope this helps. If you’re still not sure on how to resolve this, please open a ticket and our forum support people will be happy to help!
Thank you.
I am using CRED forms in my website. Its really good.