Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 03-26-2002, 12:59 PM
dengel dengel is offline
 
Join Date: Jan 2002
Posts: 22
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Allow HTML but forbid JavaScript in signatures?

Is there a way to allow HTML in signatures, but not JavaScript? The reasons should be obvious enough. I did a search, and did not find anything. Should be a change easy to do, right?

d.
Reply With Quote
  #2  
Old 03-26-2002, 01:00 PM
Admin's Avatar
Admin Admin is offline
Coder
 
Join Date: Oct 2023
Location: Server
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Javascript is automatically removed from all texts in vBulletin:
Code:
javascript:xxx
Reply With Quote
  #3  
Old 03-26-2002, 01:10 PM
dengel dengel is offline
 
Join Date: Jan 2002
Posts: 22
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Does not seem to be. I've got an user with JavaScript on his signature that works fine. I do have HTML enabled for signatures, and I'd like to block JavaScript.. or the whole <script> tag.
d.
Reply With Quote
  #4  
Old 03-26-2002, 01:22 PM
okrogius okrogius is offline
 
Join Date: Dec 2001
Location: USA
Posts: 264
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Go to admin cp. vB Options. Add the <script> into the to censor word list.
Reply With Quote
  #5  
Old 03-26-2002, 01:48 PM
dengel dengel is offline
 
Join Date: Jan 2002
Posts: 22
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That censor thing did the trick. But I went to printthread.php and added:
Code:
      $post[signature] = eregi_replace("< *SCRIPT", "<!--", $post[signature]);
      $post[signature] = eregi_replace("< */SCRIPT *>", "-->", $post[signature]);
after
Code:
if ($post[showsignature] and $allowsignatures and trim...
Not optimal, but seems to work

d.
Reply With Quote
  #6  
Old 03-26-2002, 01:52 PM
dengel dengel is offline
 
Join Date: Jan 2002
Posts: 22
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No...that did *not* work. I guess I'll use the censor thing then. Oh well....

d.
Reply With Quote
  #7  
Old 03-26-2002, 05:29 PM
Dan203 Dan203 is offline
 
Join Date: Dec 2001
Location: Nevada
Posts: 7
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The problem is that users can use event handlers to launch scripts (i.e. onClick, onLoad, etc...) So you'd need to block all event handlers to prevent scripts from lauching. The problem with that is that IE supports tons of their own propritary event handlers, so it would be a lot of work.

Dan
Reply With Quote
  #8  
Old 03-26-2002, 05:34 PM
dengel dengel is offline
 
Join Date: Jan 2002
Posts: 22
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I see your point...

d.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:30 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04196 seconds
  • Memory Usage 2,225KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete