#41
Yoshin
Yeah this is not great, probably should remove this
for example now it's my sig and that causes loads of problems
#42
Spritanium
Every thread @Yoshin posts in is now a movie trailer
[Image: O7N9eYD.png]
[Image: Q0L8Wm2.png]  <- Help me work on MW instead of doing my job

DRAKU WAS HERE SPRITEY IS A LOSER
#43
Mario
i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
“Naturally, the workers are perfectly free; the manufacturer does not force them to take his materials and his cards, but he says to them..'If you don't like to be frizzled in my frying-pan, you can take a walk into the fire.” -Friedrich Engels
#44
Draku
what the fuck did you all do.
[Image: ynr38c.jpg]
#45
B-man
(May 31, 2017 at 7:30 PM)Draku Wrote: what the fuck did you all do.

Spritey and Mario used their fucking nerd powers to break the site, ban them.
#46
rtsmarty
(May 31, 2017 at 5:50 PM)Mario Wrote: i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
could just allow a-z 0-9 and - based on a quick look at the list of icons
#47
Spritanium
I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site
#48
rtsmarty
(May 31, 2017 at 9:03 PM)Spritanium Wrote: I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site
that's literally what bbcode is for

unless you mean arbitrary html/css/javascript injection in which case why would you want that
#49
Mario
(May 31, 2017 at 8:35 PM)rtsmarty Wrote:
(May 31, 2017 at 5:50 PM)Mario Wrote: i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
could just allow a-z 0-9 and - based on a quick look at the list of icons

I think space is fine, how much harm could be caused by allowing arbitrary classes added to it? I guess there could be some wild classes i don't know about Hmm...
#50
rtsmarty
(May 31, 2017 at 9:59 PM)Mario Wrote:
(May 31, 2017 at 8:35 PM)rtsmarty Wrote:
(May 31, 2017 at 5:50 PM)Mario Wrote: i think all we need to do is disable the quotation mark in that tag, but maybe other tags are just as exploitable
could just allow a-z 0-9 and - based on a quick look at the list of icons

I think space is fine, how much harm could be caused by allowing arbitrary classes added to it? I guess there could be some wild classes i don't know about Hmm...
do any of these work



yes lmao

i mean it's not harm it's just general looking like shit
#51
Spritanium
We should definitely figure out a way to allow the actual fontawesome classes because those are useful
#52
Spritanium
(May 31, 2017 at 9:49 PM)rtsmarty Wrote:
(May 31, 2017 at 9:03 PM)Spritanium Wrote: I wish there was a safe way to work HTML/CSS/JavaScript abuse into the site
that's literally what bbcode is for

unless you mean arbitrary html/css/javascript injection in which case why would you want that
Stuff like on the previous page, like the button that turns every post fab

Just goofy one-off effects like that. It's pretty impossible to allow that without posing a security risk though

Although the "click this to open a browser alert" might make a fun bbcode
#53
Yoshin
[fa={class}]icon[/fa]
would this not work?
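
The allowlist idea from posts #46, #49 and #51, as an added example that is not this forum's code: each space-separated class must be a Font Awesome style token made only of a-z, 0-9 and "-", so a quotation mark or an arbitrary site class never reaches the attribute. Assumptions: the tag form is the [fa=...]...[/fa] shown in post #53, the output is an `<i class="fa ...">` element, and the `fa-` prefix rule, the token limit and the sample posts are constructed for illustration.

```python
import html
import re

# Assumed tag form: [fa=VALUE]...[/fa]; assumed output: <i class="fa VALUE"></i>.
FA_TAG = re.compile(r"\[fa=(.*?)\](.*?)\[/fa\]", re.IGNORECASE | re.DOTALL)
# One class token: "fa-" followed by a-z, 0-9 and "-" only (assumed naming rule).
FA_TOKEN = re.compile(r"fa-[a-z0-9]+(?:-[a-z0-9]+)*")
MAX_TOKENS = 4  # constructed limit, enough for e.g. "fa-cog fa-spin fa-2x fa-fw"


def render_naive(post):
    """Paste the value straight into the attribute: a quote ends the class list."""
    return FA_TAG.sub(lambda m: '<i class="fa %s"></i>' % m.group(1), post)


def safe_classes(value):
    """Return the validated class list, or None if any token fails the allowlist."""
    tokens = value.split(" ")
    if not 1 <= len(tokens) <= MAX_TOKENS:
        return None
    if not all(FA_TOKEN.fullmatch(t) for t in tokens):
        return None
    return " ".join(tokens)


def render_strict(post):
    """Escape the whole post first, then expand only [fa] tags that validate."""
    escaped = html.escape(post, quote=True)

    def expand(m):
        classes = safe_classes(html.unescape(m.group(1)))
        if classes is None:
            return m.group(0)  # rejected tag stays as visible, escaped text
        return '<i class="fa %s"></i>' % classes

    return FA_TAG.sub(expand, escaped)


# Constructed sample posts: a valid icon, an arbitrary class, a quotation mark.
SAMPLES = [
    "[fa=fa-cog fa-spin]icon[/fa]",
    "[fa=bigtext]icon[/fa]",
    '[fa=fa-cog" title="injected]icon[/fa]',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render_naive(sample), "|", render_strict(sample))
```

Spaces stay allowed, as Mario suggests, but only between tokens that each pass the check, so modifier classes keep working while arbitrary classes are left as plain text.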
#54
EH2
so what happened to [fire] again
#55
Draku
(Jun 15, 2017 at 1:24 PM)EH2 Wrote: so what happened to [fire] again
Performance issues.
#56
EH2
did it make some devices

catch fire
#57
Mario
(Jun 15, 2017 at 4:32 PM)EH2 Wrote: did it make some devices

catch fire
never getting another Samsung Note again...