BBCode Guide
Every thread @"Yoshin" posts in is now a movie trailer
i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
“Naturally, the workers are perfectly free; the manufacturer does not force them to take his materials and his cards, but he says to them..'If you don't like to be frizzled in my frying- pan, you can take a walk into the fire.” -Friedrich Engels
I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site
(May 31, 2017 at 8:35 PM)rtsmarty Wrote:
(May 31, 2017 at 5:50 PM)Mario Wrote:could just allow a-z 0-9 and - based on a quick look at the list of icons
i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
I think space is fine, how much harm could be caused by allowing arbitrary classes added to it? I guess there could be some wild classes i don't know about
“Naturally, the workers are perfectly free; the manufacturer does not force them to take his materials and his cards, but he says to them..'If you don't like to be frizzled in my frying- pan, you can take a walk into the fire.” -Friedrich Engels
(May 31, 2017 at 9:59 PM)Mario Wrote:do any of these work
(May 31, 2017 at 8:35 PM)rtsmarty Wrote:
(May 31, 2017 at 5:50 PM)Mario Wrote:could just allow a-z 0-9 and - based on a quick look at the list of icons
i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
I think space is fine, how much harm could be caused by allowing arbitrary classes added to it? I guess there could be some wild classes i don't know about
yes lmao
i mean it's not harm it's just general looking like shit
We should definitely figure out a way to allow the actual fontawesome classes because those are useful
(May 31, 2017 at 9:49 PM)rtsmarty Wrote:Stuff like on the previous page, like the button that turns every post fab
(May 31, 2017 at 9:03 PM)Spritanium Wrote:that's literally what bbcode is for
I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site
unless you mean arbitrary html/css/javascript injection in which case why would you want that
Just goofy one-off effects like that. It's pretty impossible to allow that without posing a security risk though
Although the "click this to open a browser alert" might make a fun bbcode
(Jun 15, 2017 at 4:32 PM)EH2 Wrote:never getting another Samsung Note again...
did it make some devices
catch fire
“Naturally, the workers are perfectly free; the manufacturer does not force them to take his materials and his cards, but he says to them..'If you don't like to be frizzled in my frying- pan, you can take a walk into the fire.” -Friedrich Engels
Users browsing this thread: