Shoutbox

Can someone allow html in siggys? - Printable Version


Can someone allow html in siggys? by Supersonicdarky on 02-09-2005 at 02:10 AM

Can someone? I love html!(cause i'm good:))


Oh, i didn't see that it's disabled everywhere :(, still, my point is the same. Can anyone tell me y though?

RE: Can someone allow html in siggys? by KeyStorm on 02-09-2005 at 02:12 AM

....
....
....
:lol:

Come on, if you're good at it you'll know that you'd be able to do some annoying things. :P


RE: Can someone allow html in siggys? by Wabz on 02-09-2005 at 02:13 AM

Because it's not necessary and it brings problems of exploits to the forums. Plus I don't think I've ever been to a big forum where it is enabled


RE: Can someone allow html in siggys? by Supersonicdarky on 02-09-2005 at 02:14 AM

kk, i just wanted to know :)


RE: Can someone allow html in siggys? by saralk on 02-09-2005 at 09:00 AM

you can use bbcode though, so you can have bold italic underline and the lot.


RE: Can someone allow html in siggys? by user27089 on 02-09-2005 at 09:03 AM

<script>alert ('woowowowowow')</script>

8-) 8-) 8-) 8-) 8-)...

Well yea, it would have some security issues afaik.

Most forums don't have it activated, and thats for a reason, it could also be incredibly annoying to see marquee going around and stuff...

as saralk said, use mybb code... for help on that go here:

http://shoutbox.menthix.net/misc.php?action=help&hid=8


RE: Can someone allow html in siggys? by Ash_ on 02-09-2005 at 10:22 AM

pfft, not gonna happen.

but just using the str_Replace regexp would remove any exploitable tags.

then you could just use the noob code like <a href='www.google.com'> Clikkie okz </a> or <img src='imorsm.gif'>

but as saralk explained, you can do all this with bbcode.


RE: Can someone allow html in siggys? by sprinkles on 02-09-2005 at 04:06 PM

or just strip_tags($post, '<a><img>');
:P


RE: Can someone allow html in siggys? by WDZ on 02-09-2005 at 04:15 PM

strip_tags() is crap... good for simple sites where security isn't important, but there are several easy methods of abusing it.


RE: Can someone allow html in siggys? by KeyStorm on 02-09-2005 at 11:59 PM

while($code == strip_tags($code, ...)
$code == strip_tags($code, ...);

This should be safe enough at a first spot. Can't think a workaround to it atm. *-)

However... who actually cares? :P


RE: Can someone allow html in siggys? by .blade// on 02-10-2005 at 12:01 AM

Actually, I was surprised to find out that the Sony Playstation forums use HTML and no form of bb ( http://boardsus.playstation.com/playstation/ )


RE: Can someone allow html in siggys? by WDZ on 02-10-2005 at 03:44 AM

quote:
Originally posted by KeyStorm
while($code == strip_tags($code, ...)
$code == strip_tags($code, ...);

I don't think your code is quite right, but I know what you're talking about. I didn't think anyone would be smart enough to post that though. :| :p

Anyways, what about using dodgy attributes in an allowed tag?

<img src="images/smilies/omardodgy.gif" style="position: absolute; top: 10px; left: 10px;">
<img src="images/smilies/wdz.gif" onload="runDodgyScript();">

To effectively stop that, you'd probably need regexps, and then you're getting closer to just using BBcode.
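
WDZ's point about attributes, as an added example that is not part of the original thread: strip_tags() with an allow-list hands back his two <img> lines unchanged, so a second pass has to allow-list attributes too. is_safe_url() and sanitize_signature() are hypothetical names; the code assumes PHP's DOM extension and ASCII input.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// the sample input is the pair of <img> tags from WDZ's post above.

function is_safe_url(string $url): bool
{
    // Absolute http(s) URL, or a relative path made of plain path characters.
    return preg_match('~^(https?://|[a-z0-9_./-]+$)~i', trim($url)) === 1;
}

function sanitize_signature(string $html): string
{
    $allowed = ['a' => ['href'], 'img' => ['src', 'alt']];  // tag => attributes
    $html = strip_tags($html, '<a><img>');   // drops other tags, keeps attributes
    libxml_use_internal_errors(true);        // tolerate sloppy markup quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();

    foreach (iterator_to_array($doc->getElementsByTagName('*'), false) as $el) {
        $keep = $allowed[$el->nodeName] ?? [];      // the wrapper div keeps nothing
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $isUrl = in_array($attr->name, ['href', 'src'], true);
            if (!in_array($attr->name, $keep, true)
                || ($isUrl && !is_safe_url($attr->value))) {
                $el->removeAttribute($attr->name);
            }
        }
    }

    $out = '';
    foreach ($doc->documentElement->childNodes as $child) {
        $out .= $doc->saveHTML($child);      // serialize without the wrapper div
    }
    return $out;
}

$sample = '<img src="images/smilies/omardodgy.gif" style="position: absolute; top: 10px; left: 10px;">' . "\n"
        . '<img src="images/smilies/wdz.gif" onload="runDodgyScript();">';

// strip_tags() alone leaves the input as it was: style and onload survive.
var_dump(strip_tags($sample, '<img>') === $sample);
// After the attribute allow-list, src is the only attribute left on each image.
echo sanitize_signature($sample), "\n";
```
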

RE: Can someone allow html in siggys? by KeyStorm on 02-10-2005 at 04:02 AM

Aw, yeah the second line has an equal too much, and such potentially exploitable attributes should have to be removed, too. (Y)

Regex smells like... "let's leave it as it is, kthks". :refuck:


RE: Can someone allow html in siggys? by Pr0xY on 02-11-2005 at 05:40 AM

quote:
Originally posted by traxor
use mybb code... for help on that go here:

http://shoutbox.menthix.net/misc.php?action=help&hid=8

Nice, about time we got something like this for a reference... I like it...

RE: Can someone allow html in siggys? by Eljay on 02-11-2005 at 08:05 AM

quote:
Originally posted by Pr0xY
quote:
Originally posted by traxor
use mybb code... for help on that go here:

http://shoutbox.menthix.net/misc.php?action=help&hid=8
Nice, about time we got something like this for a reference... I like it...

thats been there forever :P

RE: Can someone allow html in siggys? by Ash_ on 02-11-2005 at 09:47 AM

btw WDZ, wheres the runDodgyScript(); coming from, you wont be including it in the sent page source, and Javascript is clientside, so they would only be doing harm to themselves.

and if these forums are coded correctly (which im sure they are) theres no need to worry. just use KeyStorm's strip_tags functions.

anyway, maybe someone good with using str_replace should code a quick HTML to BBCode, that searches for like <a href='linkage' border='0'> and it ignores the unneeded commands like onClick and border.

if you know what i mean :P


RE: Can someone allow html in siggys? by John Anderton on 02-11-2005 at 10:01 AM

No html codes :)
Really irritating if there would be a marquee going across when we are reading something. Someone told the already rite ???
Still no :)


RE: Can someone allow html in siggys? by WDZ on 02-11-2005 at 04:38 PM

quote:
Originally posted by Ash_
btw WDZ, wheres the runDodgyScript(); coming from

It could be a built-in JavaScript function, or you could type as much code as you want right inside there. I've seen some pretty impressive one-line JavaScripts. It could be used to do a cross-site-scripting attack, or steal login cookies, or some other dodgy stuff. :dodgy:

quote:
Originally posted by Ash_
and if these forums are coded correctly (which im sure they are)

haha... I'm not so sure. :p

quote:
Originally posted by Ash_
anyway, maybe someone good with using str_replace should code a quick HTML to BBCode, that searches for like <a href='linkage' border='0'> and it ignores the unneeded commands like onClick and border.

str_replace()? preg_replace() is what should be used. Anyway, I don't think that's necessary, and I haven't even begun to think about the possible limitations and side effects.
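
The approach the thread settles on (escape everything, then translate a small BBCode set with preg_replace()), as an added example that is not part of the original thread and not MyBB's parser. render_bbcode() is a hypothetical name; the sample input reuses the script line and the help URL posted earlier in the thread.

```php
<?php
// Added example, not MyBB's parser. render_bbcode() is a hypothetical name.

function render_bbcode(string $text): string
{
    // 1. Neutralize all HTML first: nothing the user typed is markup any more.
    $out = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Paired tags map to fixed HTML with no user-controlled attributes.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $tag) {
        $out = preg_replace("~\[$bb\](.*?)\[/$bb\]~is", "<$tag>\$1</$tag>", $out);
    }

    // 3. URLs: http(s) only, and no character that could end the attribute.
    $url = '(https?://[^\s\[\]"\'<>]+)';
    $out = preg_replace("~\[url=$url\](.*?)\[/url\]~is",
        '<a href="$1" rel="nofollow">$2</a>', $out);
    $out = preg_replace("~\[img\]$url\[/img\]~i", '<img src="$1" alt="">', $out);

    return nl2br($out);
}

// Sample signature built from lines already posted in this thread.
$signature = "<script>alert ('woowowowowow')</script>\n"
           . "[b]bold[/b] and [url=http://shoutbox.menthix.net/misc.php?action=help&hid=8]BBCode help[/url]";

// The script line comes out as inert escaped text; the BBCode becomes real tags.
echo render_bbcode($signature), "\n";
```

Because the only attributes in the output are ones the renderer writes itself, the style and onload problem from WDZ's earlier post cannot arise here.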