vb.org Archive


DR?@M W?@V?R 06-20-2005 10:00 PM

Template Headinclude XSS Bug Internet Explorer
 
Taken from vbulletin.com, should be noted when making new templates or updating old ones.

http://www.vbulletin.com/forum/showthread.php?t=143261

In order to work around an XSS bug in Internet Explorer, wherever a page contains <title> tags, the <title> has been moved below the $headinclude section.

For Example

Quote:

<head>
<title>$vboptions[bbtitle]</title>
$headinclude
</head>
Becomes

Quote:

<head>
$headinclude
<title>$vboptions[bbtitle]</title>
</head>
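
Added example (not part of the original post or of vBulletin's own code): a Python sketch that flags templates whose <title> still precedes $headinclude inside <head> and rewrites them into the order shown above. It assumes each template is a plain string containing the whole <head> block; the function names and the SAMPLES data are constructed for illustration.

```python
import re

# Assumption: a template is a plain string holding the full <head> block
# and the literal $headinclude variable.
HEAD_RE = re.compile(r"(<head\b[^>]*>)(.*?)(</head>)", re.I | re.S)
TITLE_RE = re.compile(r"[ \t]*<title\b[^>]*>.*?</title>[ \t]*\r?\n?", re.I | re.S)
INCLUDE_RE = re.compile(r"\$headinclude\b")


def _locate(template):
    """Return (head, title) matches when <title> precedes $headinclude, else None."""
    head = HEAD_RE.search(template)
    if not head:
        return None
    title = TITLE_RE.search(head.group(2))
    include = INCLUDE_RE.search(head.group(2))
    if not title or not include or title.start() > include.start():
        return None
    return head, title


def needs_fix(template):
    return _locate(template) is not None


def move_title_below_headinclude(template):
    """Re-insert the <title> line directly after the line holding $headinclude."""
    found = _locate(template)
    if found is None:
        return template  # already in the safe order, or nothing to reorder
    head, title = found
    body = head.group(2)
    rest = body[:title.start()] + body[title.end():]
    include = INCLUDE_RE.search(rest)
    eol = rest.find("\n", include.end())
    cut = eol + 1 if eol != -1 else include.end()
    new_body = rest[:cut] + title.group(0) + rest[cut:]
    return template[:head.start(2)] + new_body + template[head.end(2):]


def scan(templates):
    """Names of templates that still have <title> above $headinclude."""
    return sorted(name for name, text in templates.items() if needs_fix(text))


# Constructed sample templates (the first two mirror the quoted before/after).
BEFORE = "<head>\n<title>$vboptions[bbtitle]</title>\n$headinclude\n</head>\n"
AFTER = "<head>\n$headinclude\n<title>$vboptions[bbtitle]</title>\n</head>\n"
SAMPLES = {"custom_page": BEFORE, "fixed_page": AFTER,
           "no_title": "<head>\n$headinclude\n</head>\n"}
```

Templates that split <head> and <title> across separate template files are not detected by this check and need manual review.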

Revan 06-21-2005 01:23 PM

* Revan has already updated templates for RPG for vB 3.5 with this change :)

Link14716 06-24-2005 05:58 PM

Also taken from vB.com, a way to use template find/replace to solve the problem. ;)

http://www.vbulletin.com/forum/showthread.php?t=143320

akanevsky 06-24-2005 08:50 PM

Umm.. What's the difference whether the title tag is above the insert or below the insert? I can't think of a situation where this would be of any importance. Thanks.

Link14716 06-24-2005 11:41 PM

Quote:

Originally Posted by Dark Visor
Umm.. What's the difference whether the title tag is above the insert or below the insert? I can't think of a situation where this would be of any importance. Thanks.

Obviously it is of importance in IE because of some bug.

akanevsky 06-25-2005 12:52 AM

So IE won't read the title tag if it is not the first one within the head tag?

Link14716 06-25-2005 01:22 AM

That's not the bug. It's an XSS bug.

http://en.wikipedia.org/wiki/XSS

akanevsky 10-10-2005 09:42 PM

Since this is not a How-To, I believe this should be moved.
Or even deleted since it is outdated (fixed in 3.5 gold)

Andreas 10-10-2005 09:44 PM

Quote:

Originally Posted by Dark Visor
Since this is not a How-To, I believe this should be moved.
Or even deleted since it is outdated (fixed in 3.5 gold)

It's in the right place and won't be moved or deleted as it is important information for Hack authors. :)

akanevsky 10-10-2005 10:37 PM

Quote:

It's in the right place and won't be moved or deleted as it is important information for Hack authors.

I thought How-To was for instructions on how to make hacks...
This is kind of a bug report. I think this should be on vbulletin.com rather than here. :)

