home
 
 
 
Security Issues
If the page that you're editing is only visible to you, there are no restrictions on what you put in a QDL page. If you can do it in HTML, you can do it in QDL, and this includes objects, applets, scripts, iframes, and offsite links. But if you set the rights such that others can see the page, and the page contains material that could introduce security risks into QDL, there are rules.
 
QDL does not currently allow objects, applets, or iframes in publicly-visible pages. These tags will be removed, and the page will be saved without them.
 
QDL does allow offsite links, and JavaScripts (either remote or embedded), but a QDL administrator has to approve this material before it becomes visible to other people. If the administrator believes that there is a possible security risk, the material will not be approved. The decision of the administrator will be final and not subject to any higher-level review. Also, while the administrators will strive to review material on a regular basis, they can commit to getting legitimate material approved on any definite schedule.
 
General guidelines used in the review process are:
  • Remote URLs
    • QDL limits the number of offsite links in a publicly-visible page to less than the total number of new pages that you have already created. So in your first post, you cannot submit a page with any offsite links at all. In your second post, you can submit a page with no more than one offsite link. Seasoned users can submit lots of offsite links if they want.
    • Domains that contain obscene material will be blacklisted, such that they will get rejected automatically in the future.
    • Domains maintained by reputable organizations will be whitelisted, such that they will get approved automatically in the future.
    • Anything else requires that the administrator look at the site to determine if it would generally be considered savory material, and can be trusted to be maintained as such. Approval might occur within a couple of days.
  • JavaScripts
    • Any script that reads cookies will be rejected.
    • Simple inline scripts might get approved in a couple of days.
    • Large, complex scripts (such as gadgets) might take much longer to approve, or might not be approved at all, simply due to the labor involved in reviewing the code. Users wishing to publish complex scripts, and who are willing to pay a consulting fee to the QDL administrators for the code review process, can get past this.
    • References to offsite scripts will only be approved if the domain is a reputable organization, and there is plenty of reason to believe that the code will not become malicious in the future. If there is any doubt whatsoever, the administrators will not approve offsite script references.

← PREV Powered by Quick Disclosure Lite
© 2010~2021 SCS-INC.US
NEXT →