vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Allow HTML but forbid JavaScript in signatures? (https://vborg.vbsupport.ru/showthread.php?t=36572)

dengel 03-26-2002 12:59 PM
Allow HTML but forbid JavaScript in signatures?
 
Is there a way to allow HTML in signatures, but not JavaScript? The reasons should be obvious enough. I did a search, and did not find anything. Should be a change easy to do, right?

d.

Admin 03-26-2002 01:00 PM
Javascript is automatically removed from all texts in vBulletin:
Code:
javascript:xxx

dengel 03-26-2002 01:10 PM
Does not seem to be. I've got an user with JavaScript on his signature that works fine. I do have HTML enabled for signatures, and I'd like to block JavaScript.. or the whole <script> tag.
d.

okrogius 03-26-2002 01:22 PM
Go to admin cp. vB Options. Add the <script> into the to censor word list.

dengel 03-26-2002 01:48 PM
That censor thing did the trick. But I went to printthread.php and added:
Code:
      $post[signature] = eregi_replace("< *SCRIPT", "<!--", $post[signature]);
      $post[signature] = eregi_replace("< */SCRIPT *>", "-->", $post[signature]);
after
Code:
if ($post[showsignature] and $allowsignatures and trim...
Not optimal, but seems to work :)

d.

dengel 03-26-2002 01:52 PM
No...that did *not* work. I guess I'll use the censor thing then. Oh well.... :(

d.

Dan203 03-26-2002 05:29 PM
The problem is that users can use event handlers to launch scripts (i.e. onClick, onLoad, etc...) So you'd need to block all event handlers to prevent scripts from lauching. The problem with that is that IE supports tons of their own propritary event handlers, so it would be a lot of work.

Dan

dengel 03-26-2002 05:34 PM
I see your point...

d.


All times are GMT. The time now is 03:31 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01066 seconds
  • Memory Usage 1,716KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete