Previous Thread
Next Thread
Print Thread
Hop To
#171207 12/26/2006 5:36 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
I'm experimenting with some issues for HTML posting on my site and wanted to test it out here and found that HTML posting is disabled in the TEST forum.

Would like a place to test on 7.1b2 if it is fixed yet or not.

.

ntdoc #171208 12/26/2006 6:09 PM
Joined: Jun 2006
Posts: 3,837
I
Ian Offline
Carpal Tunnel
Carpal Tunnel
I Offline
Joined: Jun 2006
Posts: 3,837
Feel free to put your code into a code wrap and we can try it for you, as an alternative.

Ian #171209 12/26/2006 6:59 PM
Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
Former Developer
R Offline
Joined: Jun 2006
Posts: 9,242
Likes: 1
Yeah, we can never have HTML enabled on any of our forums on this site, as it's essentially a security risk to be enabled on public forums because of how it allows for javascript.

Rick #171213 12/26/2006 7:18 PM
Joined: Aug 2006
Posts: 583
old hand
old hand
Joined: Aug 2006
Posts: 583
The only place I plan to have HTML enabled is in my announcement forums where only I can post.

Basil

Rick #171222 12/26/2006 8:40 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
Originally Posted by Rick
Yeah, we can never have HTML enabled on any of our forums on this site, as it's essentially a security risk to be enabled on public forums because of how it allows for javascript.

But that can't hurt your system, only possibly some drive by. If you enabled a forum that had to have Admin approval to post you could also prevent that. Then they could post, you view it, then allow or don't allow. Where's the harm?



Rick #171246 12/26/2006 9:44 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
What you think Rick???

Rick #171278 12/27/2006 3:14 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
Well with control I still don't see any security issue.. but here is an image from FireFox 2.0 IE7 does not have this display issue.

Notice how the text has gone beyond the border.

[Linked Image from kixhelp.com]

.

ntdoc #171706 12/30/2006 1:30 PM
Joined: Jun 2006
Posts: 106
member
member
Joined: Jun 2006
Posts: 106
Originally Posted by ntdoc
Originally Posted by Rick
Yeah, we can never have HTML enabled on any of our forums on this site, as it's essentially a security risk to be enabled on public forums because of how it allows for javascript.

But that can't hurt your system, only possibly some drive by. If you enabled a forum that had to have Admin approval to post you could also prevent that. Then they could post, you view it, then allow or don't allow. Where's the harm?


Someone could insert malicious JavaScript to install malware or capture cookies upon viewing the topic. There are far too many security risks with it enabled to list them all.

Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
I agree with Rick and Steve over the security issues with enabling html for public usage. It'd be like leaving your car running at a 7-11 with the windows down and you nowhere in sight...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Gizmo #171737 12/30/2006 5:15 PM
Joined: Jun 2006
Posts: 3,837
I
Ian Offline
Carpal Tunnel
Carpal Tunnel
I Offline
Joined: Jun 2006
Posts: 3,837
trust me people do!!!

Ian #171740 12/30/2006 5:19 PM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
Originally Posted by Ian
trust me people do!!!
Oh, I know they do lol...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Gizmo #171758 12/30/2006 8:41 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
If a Moderator or Admin has to APPROVE the post before it can be made public please show me the security issue.

The WORST that could happen is that a Mod or Admin could have their own system do something stupid but it would NEVER touch the SERVER it was running on or the PUBLIC, so where is the security issue?

Come on guys I've been doing support now for over 10 years and most of this fear is way over hyped.

.

ntdoc #171767 12/30/2006 10:28 PM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
nt, if you have post moderation ON for the forum thats one thing, if you DO NOT have it on for that forum and you have html enabled thats the problem.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Gizmo #171777 12/30/2006 11:15 PM
Joined: Jun 2006
Posts: 3,837
I
Ian Offline
Carpal Tunnel
Carpal Tunnel
I Offline
Joined: Jun 2006
Posts: 3,837
Whilst I understand where you are coming from ntdoc - and agree it 'should' be safe where a mod or admin has to approve a post.

The problem arises when the mod or admin does not understand the code and approves it - whilst I am sure that you will not post anything dodgy, there is no guarantee that someone else might.


Ian #171793 12/31/2006 1:30 AM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
Fine fine guys... back to the issue at hand then.

See how FireFox displayed the html code that was posted.?

IE7 does not flow the text out of the border like FF does so I see that as an issue that needs to be addressed in 7.2

.

ntdoc #171894 12/31/2006 2:17 PM
Joined: Aug 2006
Posts: 1,649
Likes: 1
Pooh-Bah
Pooh-Bah
Joined: Aug 2006
Posts: 1,649
Likes: 1
Originally Posted by ntdoc
IE7 does not flow the text out of the border like FF does...

The CODE tag doesn't word-wrap so FF is actually doing it correctly, by embedding a horizontal scroll bar in the post itself to avoid disruption of the board's layout. IE should do the same either in 7.02 or 7.1 (don't recall which).


GangsterBB.NET (Ver. 7.6.1.1)
PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54
2007 Content Rulez Contest - Hon Mention
UBB.classic 6.7.2 - RIP
jgeoff #171905 12/31/2006 4:47 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
LOL - Well if HTML was enabled here I could test that wink

ntdoc #171908 12/31/2006 4:50 PM
Joined: Aug 2006
Posts: 1,649
Likes: 1
Pooh-Bah
Pooh-Bah
Joined: Aug 2006
Posts: 1,649
Likes: 1

Wait... are you using the CODE tag or are you embedding HTML directly into your post? (Got a link?)


GangsterBB.NET (Ver. 7.6.1.1)
PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54
2007 Content Rulez Contest - Hon Mention
UBB.classic 6.7.2 - RIP
jgeoff #171911 12/31/2006 5:28 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
pure html

one sec I'll find link

jgeoff #171912 12/31/2006 5:33 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1

ntdoc #171921 12/31/2006 6:13 PM
Joined: Aug 2006
Posts: 1,649
Likes: 1
Pooh-Bah
Pooh-Bah
Joined: Aug 2006
Posts: 1,649
Likes: 1

Hmmm... okay, well, it's not HTML at all, so it's obviously not trying to interpret the code (which you don't want anyway). It's formatting it as if you put it in CODE tags (preformatted text) which it's not doing for me in 7.0 by just copying/pasting the code into a post using the HTML markup pulldown.

In any event, the end result is expected: Instead of pushing your forum's right sidebar out of view and adding a horizontal scrollbar in your browser (IE), it's just doing that for the post to maintain your board's layout (FF). The same thing happens when people post large pictures, or use the CODE tag with really long lines of text.

7.1 fixes this for IE:
Quote
11-26-2006: 7.1 Change: Modified the styles so code/php/quote tags will overflow properly in Internet Explorer.



GangsterBB.NET (Ver. 7.6.1.1)
PHP Version 5.6.40 / MySQL 5.7.23-23 (was 5.6.41-84.1) / Apache 2.4.54
2007 Content Rulez Contest - Hon Mention
UBB.classic 6.7.2 - RIP
jgeoff #171930 12/31/2006 7:50 PM
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
UBB.threads Developer
Joined: Jun 2006
Posts: 16,292
Likes: 116
I agree that this is intended behavior to preserve the layout; it should also scroll properly in ie in 7.1


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Gizmo #171961 12/31/2006 8:36 PM
Joined: Nov 2006
Posts: 3,095
Likes: 1
Carpal Tunnel
Carpal Tunnel
Joined: Nov 2006
Posts: 3,095
Likes: 1
Yes, we've actually modified the code on purpose to overcome the way the board treats it. Will have to wait and see in 7.1 what it does.

.


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
3 members (rootman, Gizmo, Nightcrawler), 562 guests, and 186 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)