  #1  
Old 04-19-2005, 09:31 PM
zetetic
Join Date: Apr 2004
Posts: 338
HTML Brain Teaser

I recently enabled HTML in posts on my forum, but only for members of the "Can use HTML" group. (Thanks to this handy hack.)

And one of my users immediately found a little bug. By putting:

HTML Code:
<!--
in a post, he was able to screw up the postbit so bad the reply buttons were all gone and such. To prevent it, I tried all these tags after $post[message] in the postbit template:

HTML Code:
<!-- comment -->
<!-- -->
<!---->
-->
But the first three had no effect (they just got commented out with everything else from the opening comment tag in the post) and the last one just showed up at the end of every post.

Can you think of a solution to this? (Besides disabling HTML )
  #2  
Old 04-19-2005, 09:54 PM
DRJ
Join Date: Jan 2005
Location: California USA
Posts: 164

a) disable html.
b) only allow members that will not #$%# up your board to use html.
c) when b fails, refer to a.
  #3  
Old 04-19-2005, 10:04 PM
zetetic
Join Date: Apr 2004
Posts: 338

Quote:
Originally Posted by DRJ
a) disable html.
See the words preceding the tongue out smilie. HTML is a powerful tool that (used properly) can dramatically improve the aesthetic quality of a forum.

Disabling it is not an option!
Quote:
b) only allow members that will not #$%# up your board to use html.
There will always be people who are malicious, clueless or careless. I think the answer is to try to make the software foolproof, not cripple it.
Quote:
c) when b fails, refer to a.
So you don't know how to fix it, eh?
  #4  
Old 04-19-2005, 11:56 PM
Paul M
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748

Adding <!-- to the swear censor might work - I haven't tested it.
  #5  
Old 04-20-2005, 12:02 AM
Zachery
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

Quote:
Originally Posted by Paul M
Adding <!-- to the swear censor might work - I haven't tested it.
If you don't want users messing up your page layout, stop letting them use html, period.
  #6  
Old 04-20-2005, 12:16 AM
DRJ
Join Date: Jan 2005
Location: California USA
Posts: 164

I am sorry I do not know a 100% fix. And you will run into more problems than just the <!--.

What you need to do is create bb code to allow certain html tags to be used.
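Added example (not part of the thread and not vBulletin code): one way to apply the allowlist idea from the post above is to rebuild each post from known-safe tokens instead of hunting for a closing `-->`. The Python sketch below drops comments whether or not they are closed, re-emits only allowed tags without attributes, escapes everything else, and closes whatever the post left open; the tag list and the name `sanitize_post` are assumptions.

```python
import html
import re

# Assumption: a small set of formatting tags a forum might allow (not vBulletin's list).
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "ul", "ol", "li"}
VOID_TAGS = {"br"}

# One token is a comment (closed, or left open to the end of the post),
# a tag-shaped run, or literal text.
TOKEN_RE = re.compile(
    r"(?P<comment><!--.*?(?:-->|\Z))"
    r"|(?P<tag><(?P<close>/?)(?P<name>[A-Za-z][A-Za-z0-9]*)[^<>]*>)"
    r"|(?P<text>[^<]+|<)",
    re.DOTALL,
)


def sanitize_post(message: str) -> str:
    """Rebuild the post from an allowlist so it cannot affect markup after it."""
    out, open_tags = [], []
    for m in TOKEN_RE.finditer(message):
        if m.group("comment") is not None:
            continue  # drop comments entirely, including an unclosed "<!--"
        if m.group("tag") is None:
            out.append(html.escape(m.group("text"), quote=False))
            continue
        name = m.group("name").lower()
        if name not in ALLOWED_TAGS:
            out.append(html.escape(m.group("tag"), quote=False))  # show as text
        elif not m.group("close"):
            out.append(f"<{name}>")  # re-emit without attributes
            if name not in VOID_TAGS:
                open_tags.append(name)
        elif name in open_tags:
            # Close everything opened since the matching tag, then the tag itself.
            while open_tags:
                top = open_tags.pop()
                out.append(f"</{top}>")
                if top == name:
                    break
        # A stray closing tag with no matching opener is dropped.
    out.extend(f"</{t}>" for t in reversed(open_tags))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: a post that opens a comment and never closes it.
    print(sanitize_post("<b>hi <!-- swallow the postbit"))
```

Because the output is rebuilt rather than patched, nothing has to be appended after `$post[message]` in the template.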
  #7  
Old 04-20-2005, 12:29 AM
kall
Join Date: Apr 2004
Location: New Zealand
Posts: 2,608

The whole idea of not allowing HTML is to prevent precisely what you have had happen.

There's no way around it. If you allow it, you have to limit it..and that defeats the purpose of allowing it.
  #8  
Old 04-20-2005, 12:37 AM
zetetic
Join Date: Apr 2004
Posts: 338

Quote:
Originally Posted by Paul M
Adding <!-- to the swear censor might work - I haven't tested it.
Ooo... now that's a good idea. Unfortunately I use this user optional word censor hack in place of the regular word censor, so that won't work for me. But thanks for giving it some thought.

Quote:
Originally Posted by kall
The whole idea of not allowing HTML is to prevent precisely what you have had happen.

There's no way around it. If you allow it, you have to limit it..and that defeats the purpose of allowing it.
What makes completely removing it better than limiting it? I already limit it by restricting it to people who are in a specific group. And you're right, if I have to limit it a lot more than that I might as well not enable it at all.

I have to say... I've seen all the discussion around here and at vb.com over the years about how nobody should ever enable HTML under any circumstance ever ever ever, and it really makes me wonder why Jelsoft hasn't just removed the functionality from vBulletin.

But even if they did, I'd find a way to hack it back in.
  #9  
Old 04-20-2005, 01:43 AM
kobescoresagain
Join Date: Feb 2005
Posts: 327

Could you somehow put --> somewhere. That way they would cancel each other out?
  #10  
Old 04-20-2005, 01:49 AM
zetetic
Join Date: Apr 2004
Posts: 338

Quote:
Originally Posted by kobescoresagain
Could you somehow put --> somewhere. That way they would cancel each other out?
I thought I could, but unfortunately if you put that right after $post[message] in the postbit template it shows up in every post. Hmm... maybe I can put it within a comment though. I wonder what effect something like <!-- --> --> might have. I'll keep playing around.

ETA: Well I'll be damned. That seems to work!

Oops, no it doesn't.