andrewscaya / mod_simpleemailform

Joomla module: mod_simpleemailform
http://joomla.unlikelysource.org/
GNU General Public License v2.0

Security package block simple email form functionality #36

Open NielBuys opened 6 years ago

NielBuys commented 6 years ago

Security package "https://securitycheck.protegetuordenador.com/downloads/securitycheck" blocks form submit as an XSS attack.

Setup: Joomla 3.8.13, PHP 7.0 on Ubuntu 16.04, Simple email form v2.3.0, mode "JForm". (Upgraded simpleemailform from old v1 Simple email form.) I have 1 form with 3 normal fields, 1 hidden subject field and 1 text area. Captcha is activated. Type simple words into boxes. On submit, security check brings up block page.

I can't exclude simple email form from security check because the security check picks up the submit as coming from com_content. See attachment below.

I switched simpleemailform to classic mode because of this.

[screenshot from 2018-10-20 13-55-33]

andrewscaya commented 6 years ago

Hi @NielBuys,

From what I gather, the security package that you are using is slightly overzealous and does not authorize rich HTML strings in the textarea input field of your form. You can turn off the TinyMCE version of the form in Joomla's administration panel. It is usually found under 'Extensions -> Plugins -> Editor - TinyMCE'.

Please let us know if this answers your question.

Many thanks for your interest in the Simple Email Form module!

Best regards,

Andrew

NielBuys commented 6 years ago

@andrewscaya Thanks, but I use TinyMCE on other parts of the website. I would rather switch it off as a setting in the Simple Email Form module. I don't really have any interest in showing TinyMCE on my web form; I would rather it show the text area like the classic version. I just thought I'd bring it to your attention. You can decide if you want to close the issue. From my side I am fine with the classic version for now; it serves my purpose. For all the attacks that I receive on my server, I would rather the security package block too much than too little. Thanks for the reply.

andrewscaya commented 6 years ago

@NielBuys --

Many thanks! Then, I'll keep the issue open for the Simple Email Form 3.0 milestone, as the classic mode will be retired at that time.

Best,

Andrew