The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
< script language="JavaScript" > is parsing even HTML is disabled
When i tested this javascript,
Code:
< script language="JavaScript" > document.location= "http://www.google.com" < /script > |
#2
|
||||
|
||||
you wrote this script where exactly ?
and can you explain what you mean by "it suddenly executed". |
#3
|
|||
|
|||
i wrote it on a post. then after posting it, the script redirected me to google.com
|
#4
|
|||
|
|||
Happens that also which disabled pluginsystem?
|
#5
|
||||
|
||||
if you found any "exploit" in the system that allows to execute javascript i would highly advise on discussing it with staff/admins & avoid providing exact details here, to prevent anyone from exploiting this information till proper update is released.
|
#6
|
|||
|
|||
In which version of vB?
<script language="JavaScript"> document.location= "http://www.google.com" </script> Doesnt work here. |
#7
|
|||
|
|||
Have you enables HTML for the usergroup that posted it.
Go to yourforum.com/admincp and then go to Usergroups > Usergroup Manager and Disable HTML for every usergroup. You may have to rebuild your post cache for this to take effect, the html code should then not excecut and just appear like Gaspers Post. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|