Continued discussion from Gemini DNN-7134
New Post
3/13/2008 5:08 PM
 

There is a discussion in Gemini here, about server side code in HTML skins.
Gemini is not the place to discuss this, so I would like to continue here.
The discussion is about the question if this should be allowed, not how to...

IMO if you allow an admin to upload ASCX skins then there's no reason to not allow server side code in HTML skins.
(then there is no real security risk, so no gain and it would be a breaking change)

Unless you would split up the admin skin upload permissions in two options

1. Allow upload of HTML skins (no ASCX)
2. Allow upload of HTML & ASCX skins

Then if option 1. is selected, it would make sense to strip all server side code from the skin...

(This might have been discussed before)

Any opinions?

BTW, IMO the upload portal skin option should be per portal.

 
New Post
3/14/2008 4:50 AM
 

Splitting up permissions sounds like a good idea, though I am not sure about potential risks from e.g. flash objects included.

You are right, permissions shall be granted per portal (or, even better, per individual) including allowed file types.


Cheers from Germany,
Sebastian Leupold

 
New Post
3/14/2008 11:39 AM
 

I agree that there really isn't a valid security reason to block server side code in HTML skins if you allow ASCX skins to be uploaded. And splitting permission would be the best method to handle this, though a commercial HTML skin with server side code might be an issue for some admins. Skinners would need to differentiate the skins. Of course, since this isn't going to happen for a while, and Cambrian might change a lot of skinning options, skins developed to DNN 5.x could manage this.

Jeff

 
New Post
3/14/2008 12:40 PM
 

I could care less, just worried how well the parser could manage to actually parse out the right tags for the script section. It would have to identify the script tags for server side scripts and then position them correctly in the resulting ascx page, ensure all the additional custom registries are managed, and well what good is having server side scripts if you can't modify the tokens directly anyways cause the parser is going to look for the xml for the token values / parameters. So you are looking to add page controls with custom server side code to manage them, so now the parser has to figure out which tags in the html are true html tags or asp.net tags (easy to do just more overhead for parser). Eh to me it seems like a full rewrite of the skin parser to accept all the possibilities, when all the person needs to do is change the extension from html to ascx. Why reinvent the wheel?

 
New Post
3/14/2008 8:17 PM
 

FYI, we were not discussing .NET code in script tags, I agree you should use an ASCX skin if you need that kind of functionality.

It was about "inline code" like: <%=Portalsettings.ActiveTab.TabName%> which the current skinparser doesn't touch, and would be easy to remove...

(I think the skinparser uses REGEX mostly so removing blocks with runat=server shouldn't be too difficult either)
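
The stripping idea from the last post, as an added example that is not part of the thread and is not DNN's skin parser code: it removes `<% %>` blocks and `runat=server` elements, repeats until the markup stops changing, and rejects the upload if anything server-side is still left. The patterns, function names and sample skins are assumptions constructed for illustration.

```python
import re

# Assumed policy for an "HTML skins only" upload permission; not DNN's own parser rules.
# Any <% ... %> block: <% %>, <%= %>, <%# %>, <%@ %>
SERVER_BLOCK = re.compile(r"<%.*?%>", re.DOTALL)
# An element carrying runat=server, self-closed or with its matching end tag
RUNAT_ELEMENT = re.compile(
    r"<(?P<tag>[\w:]+)\b[^>]*\brunat\s*=\s*[\"']?server[\"']?[^>]*?"
    r"(?:/>|>.*?</(?P=tag)\s*>)",
    re.DOTALL | re.IGNORECASE,
)
# Anything that still looks server-side after stripping
RESIDUE = re.compile(r"<%|%>|\brunat\s*=\s*[\"']?server", re.IGNORECASE)

class SkinRejected(ValueError):
    """Raised when the skin cannot be reduced to plain HTML."""

def strip_once(markup):
    """One pass over the markup: what a single-pass regex filter would do."""
    return RUNAT_ELEMENT.sub("", SERVER_BLOCK.sub("", markup))

def sanitize_html_skin(markup, max_passes=10):
    """Strip until nothing changes, then fail closed if residue remains."""
    for _ in range(max_passes):
        cleaned = strip_once(markup)
        if cleaned == markup:
            break
        markup = cleaned
    else:
        raise SkinRejected("markup did not stabilise")
    if RESIDUE.search(markup):
        raise SkinRejected("server-side markup left after stripping")
    return markup

if __name__ == "__main__":
    # Constructed sample skins, not taken from a real DNN package
    samples = [
        "<h1><%=Portalsettings.ActiveTab.TabName%></h1>",
        '<div><script runat="server">void X(){}</script>[LOGIN]</div>',
        "<p><<%= 1 %>%=Portalsettings.ActiveTab.TabName%></p>",  # one pass is not enough
        '<input runat="server">',  # no end tag for the element pattern to anchor on
    ]
    for s in samples:
        try:
            print(repr(sanitize_html_skin(s)))
        except SkinRejected as e:
            print("rejected:", e)
```

The third sample is why a single regex pass cannot be trusted on its own: removing the inner block leaves a new `<%= %>` block behind, which only the repeated pass and the final residue check catch.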

 