|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
I'm experimenting with some issues for HTML posting on my site and wanted to test it out here and found that HTML posting is disabled in the TEST forum.
Would like a place to test on 7.1b2 if it is fixed yet or not.
.
|
|
|
|
Joined: Jun 2006
Posts: 3,837
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,837 |
Feel free to put your code into a code wrap and we can try it for you, as an alternative.
|
|
|
|
Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
|
Former Developer
Joined: Jun 2006
Posts: 9,242 Likes: 1 |
Yeah, we can never have HTML enabled on any of our forums on this site, as it's essentially a security risk to be enabled on public forums because of how it allows for javascript.
|
|
|
|
Joined: Aug 2006
Posts: 583
old hand
|
old hand
Joined: Aug 2006
Posts: 583 |
The only place I plan to have HTML enabled is in my announcement forums where only I can post.
Basil
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
Yeah, we can never have HTML enabled on any of our forums on this site, as it's essentially a security risk to be enabled on public forums because of how it allows for javascript. But that can't hurt your system, only possibly some drive by. If you enabled a forum that had to have Admin approval to post you could also prevent that. Then they could post, you view it, then allow or don't allow. Where's the harm?
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
Well with control I still don't see any security issue.. but here is an image from FireFox 2.0 IE7 does not have this display issue. Notice how the text has gone beyond the border. .
|
|
|
|
Joined: Jun 2006
Posts: 106
member
|
member
Joined: Jun 2006
Posts: 106 |
Yeah, we can never have HTML enabled on any of our forums on this site, as it's essentially a security risk to be enabled on public forums because of how it allows for javascript. But that can't hurt your system, only possibly some drive by. If you enabled a forum that had to have Admin approval to post you could also prevent that. Then they could post, you view it, then allow or don't allow. Where's the harm? Someone could insert malicious JavaScript to install malware or capture cookies upon viewing the topic. There are far too many security risks with it enabled to list them all.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
I agree with Rick and Steve over the security issues with enabling html for public usage. It'd be like leaving your car running at a 7-11 with the windows down and you nowhere in sight...
|
|
|
|
Joined: Jun 2006
Posts: 3,837
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,837 |
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Oh, I know they do lol...
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
If a Moderator or Admin has to APPROVE the post before it can be made public please show me the security issue.
The WORST that could happen is that a Mod or Admin could have their own system do something stupid but it would NEVER touch the SERVER it was running on or the PUBLIC, so where is the security issue?
Come on guys I've been doing support now for over 10 years and most of this fear is way over hyped.
.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
nt, if you have post moderation ON for the forum thats one thing, if you DO NOT have it on for that forum and you have html enabled thats the problem.
|
|
|
|
Joined: Jun 2006
Posts: 3,837
Carpal Tunnel
|
Carpal Tunnel
Joined: Jun 2006
Posts: 3,837 |
Whilst I understand where you are coming from ntdoc - and agree it 'should' be safe where a mod or admin has to approve a post.
The problem arises when the mod or admin does not understand the code and approves it - whilst I am sure that you will not post anything dodgy, there is no guarantee that someone else might.
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
Fine fine guys... back to the issue at hand then.
See how FireFox displayed the html code that was posted.?
IE7 does not flow the text out of the border like FF does so I see that as an issue that needs to be addressed in 7.2
.
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
IE7 does not flow the text out of the border like FF does... The CODE tag doesn't word-wrap so FF is actually doing it correctly, by embedding a horizontal scroll bar in the post itself to avoid disruption of the board's layout. IE should do the same either in 7.02 or 7.1 (don't recall which).
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
LOL - Well if HTML was enabled here I could test that
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
Wait... are you using the CODE tag or are you embedding HTML directly into your post? (Got a link?)
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
pure html
one sec I'll find link
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
|
|
|
|
Joined: Aug 2006
Posts: 1,649 Likes: 1
Pooh-Bah
|
Pooh-Bah
Joined: Aug 2006
Posts: 1,649 Likes: 1 |
Hmmm... okay, well, it's not HTML at all, so it's obviously not trying to interpret the code (which you don't want anyway). It's formatting it as if you put it in CODE tags (preformatted text) which it's not doing for me in 7.0 by just copying/pasting the code into a post using the HTML markup pulldown. In any event, the end result is expected: Instead of pushing your forum's right sidebar out of view and adding a horizontal scrollbar in your browser (IE), it's just doing that for the post to maintain your board's layout (FF). The same thing happens when people post large pictures, or use the CODE tag with really long lines of text. 7.1 fixes this for IE: 11-26-2006: 7.1 Change: Modified the styles so code/php/quote tags will overflow properly in Internet Explorer.
GangsterBB.NET (Ver. 7.6.1.1) PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54 2007 Content Rulez Contest - Hon Mention UBB.classic 6.7.2 - RIP
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
I agree that this is intended behavior to preserve the layout; it should also scroll properly in ie in 7.1
|
|
|
|
Joined: Nov 2006
Posts: 3,095 Likes: 1
Carpal Tunnel
|
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095 Likes: 1 |
Yes, we've actually modified the code on purpose to overcome the way the board treats it. Will have to wait and see in 7.1 what it does.
.
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
|
1 members (Nightcrawler),
737
guests, and
131
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|