Vulnerability in EPiServer.Forms
Does anyone know of any ways to disable the ability to select frames for links? I have investigated removing the default system frames, but I don't believe it would be possible without manually deleting them from the database. You may be asking why I would want to do this? Well, I am using an XHTML strict doctype, which makes the target attribute of a tags deprecated.
Thanks in advance
Unfortunately it seems that the only way to get rid of these is to do it in the database. I haven't tested but it might be possible to do it through the DataAbstraction API, but this would require that you change the IsSystemFrame field to false before deleting the frame. My opinion is that this block of deleting system frames should be removed and that the target drop down in the link dialog should be disabled (so that it takes no focus) when no frames exist. I will notify the product managers about this.
Regards
Linus Ekström
EPiServer Development Team
Thank you for the reply. I will investigate a solution for disabling the selection of frames using DataAbstraction. With regards to disabling frames in future versions, it may be useful to have an equivalent 'DisplayEditUI' boolean value for them so frames could be hidden from the UI but still be present.
I have got around the issue by using an adapter to determine the value of xhtmlConformance in the web.config and if set to Strict I have overridden the DisplayEditUI property for properties of type PropertyFrame to be false.
Great Ben. But I guess you still will have your frames available as a possible option in an editor when not removing them, or?
Ah... very true. I'll have to investigate using an adapter on the editor.