Here I am

HTML and UBB Code

Attention: TDR Forum Junkies
To the point: Click this link and check out the Front Page News story(ies) where we are tracking the introduction of the 2025 Ram HD trucks.

Thanks, TDR Staff
I

Call waiting for PC

  • illflem
  • Replies: 3
N

TSB's

  • nabby52
  • Replies: 3
Status
Not open for further replies.
K

kpayne

There is a CERT (http://www.cert.org/) security advisory about HTML tag usage in forum software.

Example critical scenarios:

- Redirecting the user to the reply of one's scripted message fill the box with garbled data and set a loop up that pressed post as many times as possible.

- A script posting itself in other threads as well, eventually totaly destroying the forum

It can easily be done if you know DHTML and Javascript. The embedded Javascript can use a click method to post messages repeatedly whenever a user views a thread containing the script.

CERT advisories should be taken very seriously since they are the place for security notices. Every time you hear about a new vunerability, it was usually reported on CERT first.

HTML is now turned off for all forums. This does not mean, however, that you lose functionality. You can still use UBB code to accomplish the same things with almost identical syntax to HTML. That's how I did bold text. You can still link images, email addresses, create lists, format tables, link to other sites/pages, etc. Nothing is lost and security is gained.

-Ken


[This message has been edited by ken (edited 12-17-2000). ]
 
No more different font sizes, no more font color, no more sounds. Oh but I can still use UBB code to make my text <b>bold</b> whoopie! Forums are now dull and boring like the Ford site... .

UBB code can <b>not</b> take the place of HTML.

[This message has been edited by KatDiesel (edited 12-17-2000). ]
 
Your concerns have been heard and addressed. I've just written some Perl code which will allow font colors, sizes, tables, etc. in UBB code. Just use the brackets for your tags instead of &lt; and &gt;. My code filters out possible rouge UBB code. <font color=#ff0000>See</font> <font size=+1>my</font> <blink>example?</blink> To embed sounds, just link to them.

-Ken


[This message has been edited by ken (edited 12-17-2000). ]
 
<font color=blue>Ok well I realize HTML is still off but at least there is this compromise. On the sounds do I use the same embed tag as I would with HTML? I must say I am surprised at how quickly you addressed it. I think for all parties involved it would be best if you would anounce some type change like this, before someone like me notices it and wonder what the hecks going on?

A Lil communication goes a long way.

Thank you.
 
I did communicate it. That's what this thread is. You just beat me to posting the notification. Unfortunately, there was a delay between the start of turning off HTML and my posting notification of the change. Children have a way of interrupting you with things that are soooooo important to them. #ad


Anyway, embedding sounds directly has not been addressed (yet). The embed tag is one of the CERT warnings. As soon as I figure out a work-around, it'll be posted here. The Perl code ought to be easy, but I have to figure out how to distinguish embedded sound from other embedded items. I'm thinking I can figure out an inline frame method to get around it.

-Ken
 
<font color=blue>Ok Guess I should have stated it "slightly" different. Maybe post before you make the changes, before some one such as myself notices it. Make sense?

It would just ease up on the frustration on all parties involved.

ANd in regards to the software upgrade I wanna put in my vote for VBulletin.
 
I see a problem here. Why is it that when I UBB tag something, post it and then try to edit it, all of my UBB tags become HTML? Then when I resubmit, the html is NOT accepted. That means if I want to repost, I have to convert all of the &lt; into < and all of the &gt; into > What's up with that?

I used to hate how the forum would convert hyperlink email addresses into UBB thereby eliminating it's functionality, and now this #ad

Ken click edit on edit on any post in this thread that uses UBB code and you will see what I'm talking about.
 
Originally posted by Bryan Brenneman:
I see a problem here. Why is it that when I UBB tag something, post it and then try to edit it, all of my UBB tags become HTML? Then when I resubmit, the html is &lt;b&gt;NOT&lt;/b&gt; accepted. That means if I want to repost, I have to convert all of the &lt; into &lt; and all of the &gt; into &gt; What's up with that?

I used to hate how the forum would convert hyperlink email addresses into UBB thereby eliminating it's functionality, and now this #ad

Ken click edit on edit on any post in this thread that uses UBB code and you will see what I'm talking about.
Click to expand...

That has been the case with UBB for as long as I can remember it. It has always messed up both the UBB codes and the html you put in. Apparently, the edit works similar to a 'cut and paste' from the parsed display, not the raw code used to generate the page.

It's a UBB bug (feature, misfeature, interesting ability, annoyance - pick your favorite term here) that's been around for as long as I've ever been on a forum that uses it.
 
Power Wagon,
I understand what you are saying but, the real point I was trying to make was that when editing a post that had UBB tags, all the tags become html. If you take notice, even what you quoted me as saying isn't what my message said. the &lt;b&gt; and &lt;/b&gt; tag were not visible in my post. This has only been since the revision of today, but Ken said he had a fix #ad
 
Okay gang, I coded a <font size=+1>fix</font>. HTML is now enabled. You no longer need to use UBB code. What I've done is written a set of HTML filters that gets rid of potentially harmful HTML tags.
Enjoy!

Ken


[This message has been edited by ken (edited 12-18-2000). ]
 
Ken, It looks like you missed something in the filter. This post is causing the banner at the bottom.


Removed script

[This message has been edited by Bryan Brenneman (edited 12-19-2000). ]
 
Testing for success. The script is in this post now and removed from the previous post. Looks like it still works.

Edit: script removed

[This message has been edited by Bryan Brenneman (edited 12-22-2000). ]
 
PLAY CONNECT FOUR
<applet codebase="http://www.bodo.com/Applets/Connect4/classes/" code=Connect4. class width=292 height=322>
</applet>

What about java applets? Are they acceptable for a discussion forum?
 
Status
Not open for further replies.
Issue 128 – Digital Version
Digital Magazines
FREE!
TDR Test Drive - Digital Edition
Renew
Subscribe
Gift Subscriptions
Back Issues
Subscription Status
Address Change Form
Buyer's Guides
Ram Diagnostic Trouble Codes
The Perfect Collection
The Perfect Collection Vol. II
TSB Updates
Dodge/Cummins Historical Overview
Cameron Collection
What Makes Us Tick?
Product Showcase
Advertising



Turbo Diesel Register
Issue 128 – Digital Version
Digital Magazines
FREE!
TDR Test Drive - Digital Edition
Renew
Subscribe
Gift Subscriptions
Back Issues
Subscription Status
Address Change Form
Buyer's Guides
Ram Diagnostic Trouble Codes
The Perfect Collection
The Perfect Collection Vol. II
TSB Updates
Dodge/Cummins Historical Overview
Cameron Collection
What Makes Us Tick?
Product Showcase
Advertising



Back
Top