Previous Thread
Next Thread
Print Thread
Hop To
OpenGraph Desc Header Displays <script> code when in HTML mode #262220 02/01/2019 1:38 PM
Joined: Jun 2008
Posts: 81
mmem700 Offline OP
Journeyman
OP Offline
Journeyman
Joined: Jun 2008
Posts: 81
When a post is posted in HTML mode, the open-graph "description" header displays code in <script> tags.

Before populating the og:description header., it may be good to:

1. Convert the post to raw text (stripping out all HTML).
2. Remove all linefeeds and carriage-returns.
3. Remove all duplicate spaces.

Here's a real-life example.
This is what I'm seeing in the header of one of my posts.
This is posted in HTML mode and contains a script tag at the beginning to pull in some boilerplate text for the post.

This ends up throwing some garbage into the <head> of the HTML page:

HTML
<meta property="og:description" content="document.write(GetPostTemplate_LinkToThis(&quot;http://urlbam.com/ha/2zz&quot;,&quot;http://urlbam.com/ha/1zz&quot;,&quot;Amalgam Fillings &amp;amp; Mercury Poisoning&quot;));


The Smoking Tooth Video
  Did you know that mercury vapor offgasses from amalgam (&amp;quot;silver&amp;quot;...">


Hope this is helpful.

Last edited by mmem700; 02/01/2019 2:10 PM.

Today they call you "crazy".
Tomorrow they call you "ahead of your time".
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262225 02/01/2019 6:02 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Online Tapedshut
UBB.threads Developer
Online Tapedshut
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
Well, PHP Strip Tags is whats eliminating the HTML tags (as it should) in the description, but is left with the script content as post content (as the content is not comprised of HTML tags); are you allowing users to post HTML code? It's extremely dangerous if so...

The BBCode system generally has most tags that users could need to make posts (most formatting options) and you could make a custom bbcode (in the editor in the Control Panel) if you needed to extend the system (though, again, I woudln't allow users to post any JavaScript).


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262230 02/03/2019 6:41 PM
Joined: Jun 2008
Posts: 81
mmem700 Offline OP
Journeyman
OP Offline
Journeyman
Joined: Jun 2008
Posts: 81
Thanks for responding.

Actually, we only allow admins to post HTML.

The Post-As-HTML feature is very powerful and very useful for us.
I really appreciate having it available.

Just wondering if CRs, LFs and <script> tags should be stripped (only when posting in HTML mode) before placing it in the og:description header.


Today they call you "crazy".
Tomorrow they call you "ahead of your time".
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262231 02/03/2019 6:47 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Online Tapedshut
UBB.threads Developer
Online Tapedshut
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
Originally Posted by mmem700
Just wondering if CRs, LFs and <script> tags should be stripped (only when posting in HTML mode) before placing it in the og:description header.
Negative, the way things work for all posts is to run things through the filters, the easiest of which is strip_tags (well, a custom form of it, see the strip_tags_special function in libs/bbcode.inc.php), which is removing tags as its supposed to, but is being left with the additional content within the tags in your post as post data (as the stripped tags are being removed as they are supposed to be).

HTML posts and HTML with UBBCode are parsed differently, BBCode posts will not filter CR and LFs.

If linking to offsite JavaScript is a requirement, you should look into custom bbcode tags; your special use of the HTML mode (to include JavaScript) is really out of the scope for what these default tags were written for (which was formatting), so if you want to keep the stock code in place and not use custom bbcode tags (with its default behavior) I'd recommend just leaving the og:description tag commented out.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262238 02/03/2019 10:10 PM
Joined: Jun 2008
Posts: 81
mmem700 Offline OP
Journeyman
OP Offline
Journeyman
Joined: Jun 2008
Posts: 81
I hear what you're saying and thanks for the info.

I can just comment out the code for now, but please don't ever remove the ability to make HTML posts. We rely heavily on this and it works well for us.

Thanks.


Today they call you "crazy".
Tomorrow they call you "ahead of your time".
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262239 02/03/2019 10:12 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Online Tapedshut
UBB.threads Developer
Online Tapedshut
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
Originally Posted by mmem700
I can just comment out the code for now, but please don't ever remove the ability to make HTML posts. We rely heavily on this and it works well for us.

No plans to, I create templates like this for clients.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262258 02/05/2019 12:04 PM
Joined: Jun 2008
Posts: 81
mmem700 Offline OP
Journeyman
OP Offline
Journeyman
Joined: Jun 2008
Posts: 81
Very nice.

So by "template" you mean block of HTML that you use over and over... is that right?

Is there some feature in UBBT that helps with this that I may be missing?

Just thought I'd ask in case this is something that we could be using.

Thanks.


Today they call you "crazy".
Tomorrow they call you "ahead of your time".
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262266 02/05/2019 2:24 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Online Tapedshut
UBB.threads Developer
Online Tapedshut
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
You could insert a default og:image tag in the header includes (CP -> Display -> Gerneral -> HTML Includes).


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262267 02/05/2019 2:43 PM
Joined: Apr 2004
Posts: 1,549
isaac Online Splat
UBB.threads Developer
Online Splat
UBB.threads Developer
Joined: Apr 2004
Posts: 1,549
thumbsup good suggestion, giz


Current developer of UBB.threads PHP Forum Software // 7.7.3 released!
isaac @ id242.com // my forum @ CelicaHobby.com
Re: OpenGraph Desc Header Displays <script> code when in HTML mode [Re: mmem700] #262370 02/18/2019 12:02 PM
Joined: Jun 2008
Posts: 81
mmem700 Offline OP
Journeyman
OP Offline
Journeyman
Joined: Jun 2008
Posts: 81
Quote
You could insert a default og:image tag in the header includes (CP -> Display -> Gerneral -> HTML Includes).


Yes, that's what I resorted to doing.

thx


Today they call you "crazy".
Tomorrow they call you "ahead of your time".

Forum Search
ShoutChat Box
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Mobile app?
by Baldeagle - 12/06/2019 9:32 PM
How do you change Text Line spacing?
by jorb - 11/23/2019 12:14 AM
What happened to FAQ or Forum Help
by Ruben - 11/20/2019 11:58 AM
Search feature encountering an Error message
by jorb - 11/20/2019 12:06 AM
UBB Dev
by JAISP - 11/03/2019 11:01 AM
Who's Online Now
2 registered members (isaac, JAISP), 65 guests, and 401 spiders.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Amusing Terain Scenics
Amusing Terain Scenics
by isaac, August 19
Sky places
Sky places
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Snapshot build 20191023)