View Full Version : < script language="JavaScript" > is parsing even HTML is disabled
ed2k_2
06-13-2009, 12:04 PM
When i tested this javascript,
< script language="JavaScript" > document.location= "http://www.google.com" < /script >
it suddenly executed and also my board has the html settings disabled. how could i fix this?
IdanB
06-13-2009, 12:12 PM
you wrote this script where exactly ?
and can you explain what you mean by "it suddenly executed".
ed2k_2
06-13-2009, 12:13 PM
i wrote it on a post. then after posting it, the script redirected me to google.com
ragtek
06-13-2009, 12:13 PM
Happens that also which disabled pluginsystem?
IdanB
06-13-2009, 12:17 PM
if you found any "exploit" in the system that allows to execute javascript i would highly advise on discussing it with staff/admins & avoid providing exact details here, to prevent anyone from exploiting this information till proper update is released.
ForumsMods
06-13-2009, 12:53 PM
In which version of vB?
<script language="JavaScript"> document.location= "http://www.google.com" </script>
Doesnt work here.
cono1717
06-13-2009, 02:33 PM
Have you enables HTML for the usergroup that posted it.
Go to yourforum.com/admincp and then go to Usergroups > Usergroup Manager and Disable HTML for every usergroup.
You may have to rebuild your post cache for this to take effect, the html code should then not excecut and just appear like Gaspers Post.
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.