What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » General » Forum & Website » Can someone allow html in siggys?

Pages: (2): « First « 1 [ 2 ] Last »
Can someone allow html in siggys?
Author: Message:
.blade//
Veteran Member
*****

Avatar

Posts: 2856
Reputation: 39
36 / Male / –
Joined: Jan 2004
RE: Can someone allow html in siggys?
Actually, I was surprised to find out that the Sony Playstation forums use HTML and no form of bb ( http://boardsus.playstation.com/playstation/ )

This post was edited on 02-10-2005 at 12:01 AM by .blade//.
[Image: A%20Pointy%20Rock.jpg]
02-10-2005 12:01 AM
Profile PM Web Find Quote Report
WDZ
Former Admin
*****

Avatar

Posts: 7106
Reputation: 107
– / Male / Flag
Joined: Mar 2002
RE: Can someone allow html in siggys?
quote:
Originally posted by KeyStorm
while($code == strip_tags($code, ...)
$code == strip_tags($code, ...);
I don't think your code is quite right, but I know what you're talking about. I didn't think anyone would be smart enough to post that though. :| :p

Anyways, what about using dodgy attributes in an allowed tag?

<img src="images/smilies/omardodgy.gif" style="position: absolute; top: 10px; left: 10px;">
<img src="images/smilies/wdz.gif" onload="runDodgyScript();">

To effectively stop that, you'd probably need regexps, and then you're getting closer to just using BBcode.
02-10-2005 03:44 AM
Profile PM Web Find Quote Report
KeyStorm
Elite Member
*****

Avatar
Inn-sewer-ants-pollie-sea

Posts: 2156
Reputation: 45
38 / Male / –
Joined: Jan 2003
RE: Can someone allow html in siggys?
Aw, yeah the second line has an equal too much, and such potentially exploitable attributes should have to be removed, too. (Y)

Regex smells like... "let's leave it as it is, kthks". :refuck:

This post was edited on 02-10-2005 at 04:04 AM by KeyStorm.
02-10-2005 04:02 AM
Profile E-Mail PM Web Find Quote Report
Pr0xY
Veteran Member
*****

Avatar
passwords are for treehouses

Posts: 1325
Reputation: 26
– / Male / –
Joined: Jul 2003
Status: Away
RE: Can someone allow html in siggys?
quote:
Originally posted by traxor
use mybb code... for help on that go here:

http://shoutbox.menthix.net/misc.php?action=help&hid=8
Nice, about time we got somethign like this for a reference... I like it...
02-11-2005 05:40 AM
Profile PM Find Quote Report
Eljay
Elite Member
*****

Avatar
:O

Posts: 2949
Reputation: 77
– / Male / –
Joined: May 2004
RE: Can someone allow html in siggys?
quote:
Originally posted by Pr0xY
quote:
Originally posted by traxor
use mybb code... for help on that go here:

http://shoutbox.menthix.net/misc.php?action=help&hid=8
Nice, about time we got somethign like this for a reference... I like it...

thats been there forever :P
02-11-2005 08:05 AM
Profile PM Find Quote Report
Ash_
Senior Member
****

Avatar

Posts: 638
Reputation: 31
35 / Male / –
Joined: Aug 2004
RE: Can someone allow html in siggys?
btw WDZ, wheres the runDodgyScript(); comong from, you wont be including it in the sent page source, and Javascript is clientside, so they would only be doing harm to themselves.

and if these forums are coded corectly (which im sure they are [Image: attachment.php?pid=377363] ) theres no need to worry. just use KeyStorm's strip_tags functions.

anyway, maybe someone good with using str_replace should code a quick HTML to BBCode, that searches for like <a href='linkage' border='0'> and it ignores the unneeded commands like onClick and border.

if you know what i mean :P [Image: attachment.php?pid=377363]
[Image: jeansiger5.jpg]
02-11-2005 09:47 AM
Profile PM Find Quote Report
John Anderton
Elite Member
*****

Avatar

Posts: 3908
Reputation: 80
37 / Male / Flag
Joined: Nov 2004
Status: Away
RE: Can someone allow html in siggys?
No html codes :)
Really irritating if there would be a marque going accross when we are reading something. Someone told the already rite ???
Still no :)
[

KarunAB.com
]

[img]http://gamercards.exophase.com/459422.png[
/img]
02-11-2005 10:01 AM
Profile E-Mail PM Web Find Quote Report
WDZ
Former Admin
*****

Avatar

Posts: 7106
Reputation: 107
– / Male / Flag
Joined: Mar 2002
RE: Can someone allow html in siggys?
quote:
Originally posted by Ash_
btw WDZ, wheres the runDodgyScript(); comong from
It could be a built-in JavaScript function, or you could type as much code as you want right inside there. I've seen some pretty impressive one-line JavaScripts. It could be used to do a cross-site-scripting attack, or steal login cookies, or some other dodgy stuff. :dodgy:

quote:
Originally posted by Ash_
and if these forums are coded corectly (which im sure they are)
haha... I'm not so sure. :p

quote:
Originally posted by Ash_
anyway, maybe someone good with using str_replace should code a quick HTML to BBCode, that searches for like <a href='linkage' border='0'> and it ignores the unneeded commands like onClick and border.
str_replace()? preg_replace() is what should be used. Anyway, I don't think that's necessary, and I haven't even begun to think about the possible limitations and side effects.
02-11-2005 04:38 PM
Profile PM Web Find Quote Report
Pages: (2): « First « 1 [ 2 ] Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On