BB Code Enhancements - Safe Tags Obfuscation

Safe Tags v1.0

by Thalamus - October 2007

Nearly two years ago, I was looking at trying to write some code for a forum that would obfuscate certain text within posts. This (somewhat specialized) forum needed a function where, within posts, users could insert text (such as a name, nickname or other reference) that would be humanly readable on the forum pages, but that could not be picked up by search engines or trawler bots.

What I came up with at the time, was using vBcode tags that were 'built-in' by making core file changes to the bbcode class files. These then used javascript to call the base64 functions to meet the requirements. It all worked very well, but unfortunately played havoc with upgrades to vBulletin - each one meant having to re-input the code into the core php files.

With the introduction of the latest versions, and the addition and availability of more hooks, I've developed the function into a product that uses the available hooks, and making things much simpler for updates. There is a file upload, but this is simply a javascript file containing the base64 encode and decode functions.

Tested on vBulletin 3.6.8

What this product does, is to set up a vBcode (BB Code) tag called "safe" which, when used, enables you to place text into your forum posts that, although seen by human viewers of your site pages, obfuscates that text on the raw HTML page for any passing bot or search engine spider.

It does that by using a simple javascript call, to utilize the base64 encode method of encryption. What it does mean, is that if you have instances where you may want something posted on your forum but you don't want it picked up by spiders (names, places), you can now do it quite freely and easily using the Safe Tags method!

If you place an email address or a URL within the [safe] tags, it will not be parsed (although it will be encrypted) and no link will be automatically added to it.

Example:

Quote:

A simple line of text that contains [safe]a name in here[/safe] means that the text between the safe tags will be encrypted on the raw HTML but viewable on the thread page.

Installation

In the zip file you should have three files:

safe_encode.js
product-safetags.xml
safetags-readme.txt

To install, extract the files within the zip file to your own hard drive, then upload the safe_encode.js file into your forum's clientscript folder.

Go to your AdminCP -> Plugins & Products -> Manage Products, then click Add/Import Product.

In the Import Product section, browse for the file product-safetags.xml wherever you extracted it on your hard drive, set Allow Overwrite to Yes, then click Import.
--------------------------

The product installation will create a new custom BBcode which you can check in your AdminCP -> Custom BB Codes -> BB Code Manager.

--------------------------
This is my first published plugin, and I really don't know how much I can offer in terms of support, so please don't expect too much. It's a very easy and simple mod if you look through the xml file.

My grateful thanks to those who have helped me on here, and also to the authors of the code snippets I've used in this (I'm sorry I can't remember who you are - I'm old, and tnat's my excuse...)

Thanks for reading

[Gwyrgyn]

Figured it out. It has to do with the usage of document.write() inside of the script tags. For example, inside of handle_bbcode_safe, this works:

Code:

return "beefy";

And so does this:

Code:

return "<script language=\"javascript\" type=\"text/javascript\"> donothing(); </script>;

But this does not:

Code:

return "<script language=\"javascript\" type=\"text/javascript\"> document.write( decode64( '$fixed' ) ); </script>";

For some reason, using the write function here buggers it up when using AJAX. The solution is to modify some existing html instead. To do this, make a div to modify, and assign it a random id, then edit the innerHTML of it. It should look like this in the end:

Code:

$safeId = vbrand(1, 1000000);
return "<div id=\"safe_container_$safeId\"></div><script type=\"text/javascript\"> document.getElementById('safe_container_$safeId').innerHTML = decode64('$fixed'); </script>";

That should work!

[thalamus]

Thanks for that, Gwyrgyn! :up:

I did a quick checkup, and found the applicable notes here:

http://www.w3.org/MarkUp/2004/xhtml-faq#docwrite

since AJAX is a "standards-based presentation using XHTML and CSS" this would obviously affect it.

I'll go through the code tomorrow and do a check; then if it all works and I'm happy with it I'll update the product.

Many thanks again... I hope the above will explain it for others who may come across the same situation

[thalamus]

OK, seems to work great with the quick reply, but quick edit is obviously handled differently as when a quick edit is saved, the text within the safe tags does not show on the page. However, it is there and shows again once the page is refreshed... I'll check further into it. I'll leave the first post bug report as is for now.

[thalamus]

Unfortunately, I've not been able to spend much time on looking at fixing this mod for the quick reply functions, and I'm not sure how they'll work within the new 3.7 version so with regret, I have to remove my support for this modification.

Thanks to those of you who downloaded and provided me with feedback; perhaps at some future date I may be able to get back to it (time and inclination permitting).