PHP or JS in editable areas - gtbu/Typesetter5.2 GitHub Wiki

In Typesetter, adding pure PHP such as <?php echo "..."; ?> to editable areas has been disabled for security reasons (see the method rmPHP() in the files.php file).

  • Some other CMSs use # .... # (with evaluate), which is a security risk.

  • Others use {{ function(...) }} - but the problem is the content of the function.
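A sketch of the two ideas above, as an added example that is not Typesetter's own code: PHP tags in submitted content are escaped so they stay inert, and {{ name }} placeholders resolve only through a fixed allowlist instead of being evaluated. The function names, placeholder names and sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/* Hypothetical helper (not Typesetter's rmPHP()): HTML-escape the angle
   brackets of PHP open and close tags so saved content stays plain text
   even if the file is later included by the PHP interpreter. */
function neutralize_php_tags(string $content): string
{
    /* Escaping "<?" also covers the long and echo forms of the open tag. */
    return str_replace(['<?', '?>'], ['&lt;?', '?&gt;'], $content);
}

/* Hypothetical allowlist: placeholder name => fixed server-side callback.
   Editors pick a name; they never supply code or arguments to evaluate. */
const PLACEHOLDERS = [
    'year'     => 'placeholder_year',
    'sitename' => 'placeholder_sitename',
];

function placeholder_year(): string { return date('Y'); }
function placeholder_sitename(): string { return 'Example Site'; } /* constructed value */

/* Replace {{ name }} with the escaped output of the allowlisted callback.
   Unknown names are left as literal text and are never executed. */
function render_placeholders(string $content): string
{
    $out = preg_replace_callback(
        '/\{\{\s*([a-z_]+)\s*\}\}/',
        static function (array $m): string {
            if (!array_key_exists($m[1], PLACEHOLDERS)) {
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            $fn = PLACEHOLDERS[$m[1]];
            return htmlspecialchars($fn(), ENT_QUOTES, 'UTF-8');
        },
        $content
    );
    return $out ?? $content; /* on a regex error, keep the content unrendered */
}

/* Constructed sample of what an editor might submit. */
$submitted = '<p>{{ year }} {{ sitename }}</p><?php echo "x"; ?>{{ unknown_name }}';
echo render_placeholders(neutralize_php_tags($submitted)), "\n";
```

Neutralizing runs before placeholder rendering, so callback output can never reintroduce a tag that the first step was meant to escape.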

Users have posted workarounds with

  • JavaScript execution of such PHP, and loading a picture in an iframe and then changing the link into a link to a PHP file.

The question is whether it is a good practice.

  • The built-in elFinder file manager allows access only to the userfiles directory and to no PHP files.

  • An old forum discussion of this topic.

  • For JavaScript there is the AddScript plugin for Typesetter, which can be used to enter source code directly into the page.