$GLOBALS[’filtrer_javascript’]

The $filtrer_javascript variable is used to select the security model that SPIP will apply to JavaScripts embedded into editorial text.

For JavaScript scripts that are embedded into articles, sections, author’s bio text fields, etc.... there are three different scenarios possible for how they are processed:

  • parano: -1
  • by default: 0
  • ok: 1

The parano mode (paranoid) will not execute the code in either the private zone nor on the public web site (the code is simply displayed in an inoffensive manner instead).
The default mode displays the code in red (without executing it) in the private space, but will execute it (without displaying it) in the public-facing pages.
The ok mode executes the code everywhere (in both private and public zones).

It is possible to assign the value of this variable in your mes_options.php file (located in the config/ directory):

// set javascript processing mode to paranoid
$GLOBALS[’filtrer_javascript’] = -1;

note 1: In the forums, petitions, syndicated articles, etc. it is always secured: the code is displayed but not never executed, regardless of what value you might assign to $filtrer_javascript.

note 2: if $GLOBALS[’filtrer_javascript’] is defined as 0 or -1, SVG formated documents are filtered if they originated from an editorand will not be executed (their header will be secured in the form: <?xml version="1.0"?>).

Author Mark Published : Updated : 21/04/23

Translations : català, English, français, Nederlands