My b2evolution Version: 3.3.3
I need to enable iframes on my blog but noticed the warning in the back office that if I did so I would make it more likely for users to be able to execute xss attacks on my blog for many a potential nasty purpose.
Question I have is: does that statement apply only to blog "users" that have an account and are entering blog posts? Or does that apply to site visitors as well? (sounds rather obvious that it must only apply to registered users who can post but I'd prefer to verify this)
Thanks in advance.
General Support
b2evolution CMS Support Forums
True. Should be disabled unless you trust the users.