BBCode Guide

Diantha · May 31, 2017 at 5:17 PM

Yeah this is not great, probably should remove this
for example now its my sig and that causes loads of problems

Spritanium · May 31, 2017 at 5:37 PM

Every thread @"Yoshin" posts in is now a movie trailer

Mario · May 31, 2017 at 5:50 PM

i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable

Draku · May 31, 2017 at 7:30 PM

what the fuck did you all do.

T-man · May 31, 2017 at 7:33 PM

(May 31, 2017 at 7:30 PM)Draku Wrote:
what the fuck did you all do.

Spritey and Mario used their fucking nerd powers to break the site, ban them.

rtsmarty · May 31, 2017 at 8:35 PM

(May 31, 2017 at 5:50 PM)Mario Wrote:
i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable

could just allow a-z 0-9 and - based on a quick look at the list of icons

Spritanium · May 31, 2017 at 9:03 PM

I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site

rtsmarty · May 31, 2017 at 9:49 PM

(May 31, 2017 at 9:03 PM)Spritanium Wrote:
I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site

that's literally what bbcode is for

unless you mean arbitrary html/css/javascript injection in which case why would you want that

Mario · May 31, 2017 at 9:59 PM

(May 31, 2017 at 8:35 PM)rtsmarty Wrote:

(May 31, 2017 at 5:50 PM)Mario Wrote:
i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
could just allow a-z 0-9 and - based on a quick look at the list of icons

I think space is fine, how much harm could be caused by allowing arbitrary classes added to it? I guess there could be some wild classes i don't know about
Hmm...

rtsmarty · May 31, 2017 at 10:12 PM

(May 31, 2017 at 9:59 PM)Mario Wrote:

(May 31, 2017 at 8:35 PM)rtsmarty Wrote:

(May 31, 2017 at 5:50 PM)Mario Wrote:
i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
could just allow a-z 0-9 and - based on a quick look at the list of icons

I think space is fine, how much harm could be caused by allowing arbitrary classes added to it? I guess there could be some wild classes i don't know about

do any of these work

yes lmao

i mean it's not harm it's just general looking like shit

Spritanium · May 31, 2017 at 11:27 PM

We should definitely figure out a way to allow the actual fontawesome classes because those are useful

Spritanium · May 31, 2017 at 11:29 PM

(May 31, 2017 at 9:49 PM)rtsmarty Wrote:

(May 31, 2017 at 9:03 PM)Spritanium Wrote:
I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site
that's literally what bbcode is for

unless you mean arbitrary html/css/javascript injection in which case why would you want that

Stuff like on the previous page, like the button that turns every post fab

Just goofy one-off effects like that. It's pretty impossible to allow that without posing a security risk though

Although the "click this to open a browser alert" might make a fun bbcode

Diantha · Jun 3, 2017 at 1:28 AM

[fa={class}]icon[/fa]
would this not work?

EH2 · Jun 15, 2017 at 1:24 PM

so what happened to [fire] again

Draku · Jun 15, 2017 at 1:39 PM

(Jun 15, 2017 at 1:24 PM)EH2 Wrote:
so what happened to [fire] again

Performance issues.

EH2 · Jun 15, 2017 at 4:32 PM

did it make some devices

catch fire

Mario · Jun 15, 2017 at 4:40 PM

(Jun 15, 2017 at 4:32 PM)EH2 Wrote:
did it make some devices

catch fire

never getting another Samsung Note again...