Vitaly Posted January 24, 2007

I think current custom bbcodes lack security. It's impossible to control the content of parameters. The simplest example: bbcode (published many times at this forum). There are no ways to filter <, ", >, & and other signs from the video ID. So, a bad ID can spoil the generated HTML code.

I offer to add a field for a regular expression that should be applied to the bbcode parameter. It can strip unwanted symbols or freeze conversion to HTML if the condition doesn't match.

The benefits are:
- easy to implement
- enough to give necessary security for most cases.

Maybe that can be included in the nearest release?

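The proposal in the post above, sketched as an added example (not IPB code and not written by any poster in this thread): each custom bbcode definition carries a regular expression that the parameter must match in full, otherwise conversion is frozen and the tag stays as text. The `[video]` tag name, the `param_regex` and `template` keys, the `{param}` placeholder and the `video.example` URL are assumptions made for illustration.

```php
<?php
// Added illustration, not IPB code. Tag name, keys, template and URL are hypothetical.
$bbcodes = [
    'video' => [
        // Allowlist for the parameter; \A and \z force the whole value to match.
        'param_regex' => '/\A[A-Za-z0-9_-]{1,32}\z/',
        'template'    => '<a href="https://video.example/watch?v={param}">video {param}</a>',
    ],
];

/**
 * Convert [tag]param[/tag] to HTML for every defined custom bbcode.
 * A parameter that fails its regex freezes conversion: the tag stays as text.
 */
function render_bbcode(string $text, array $bbcodes): string
{
    // Escape the whole post first, so plain text and unconverted tags are inert.
    $out = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    foreach ($bbcodes as $tag => $def) {
        $t = preg_quote($tag, '~');
        $pattern = '~\[' . $t . '\](.*?)\[/' . $t . '\]~is';
        $out = preg_replace_callback($pattern, function (array $m) use ($def): string {
            // Validate the value the user typed, not its escaped form.
            $param = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (preg_match($def['param_regex'], $param) !== 1) {
                return $m[0]; // leave the already escaped tag untouched
            }
            // Escape again on output so the template never receives raw markup.
            $safe = htmlspecialchars($param, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return str_replace('{param}', $safe, $def['template']);
        }, $out) ?? $out; // keep the previous text if PCRE reports an error
    }
    return $out;
}

// Constructed sample posts: a well-formed ID, and one with the characters named in the post.
$samples = [
    'Watch [video]a1B2c3D4e5F[/video]',
    'Watch [video]abc"><b>x</b>&y[/video]',
];
foreach ($samples as $s) {
    echo render_bbcode($s, $bbcodes), PHP_EOL;
}
```

The regular expression decides whether the tag is converted at all; the output escaping is kept as a second layer so that a pattern written too loosely by an administrator still cannot place raw `<`, `"`, `>` or `&` into the generated HTML.
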
Vitaly Posted February 7, 2007

Hmm... no reaction after one week. Is this suggestion stupid / useless / not needed?

bfarber Posted February 7, 2007

No, it's a good idea. But we plan on overhauling the custom bbcode system (and implementing a lot of great ideas Cy posted several months ago) in 3.x roughly... so this would wait until then most likely.

Jaggi Posted February 7, 2007

link to cy post bfarber?

Vitaly Posted February 7, 2007

> No, it's a good idea. But we plan on overhauling the custom bbcode system (and implementing a lot of great ideas Cy posted several months ago) in 3.x roughly... so this would wait until then most likely.

Anyway, good news. Thanks for the reply.

bfarber Posted February 8, 2007

> link to cy post bfarber?

http://forums.invisionpower.com/index.php?...=215353&hl=

Vitaly Posted February 8, 2007

Thanks, great. I have one more proposal. If you plan to make a really flexible bbcode system, you could add PHP functions in each bbcode config. That's not difficult to implement. Then there is no need to make separate fields for regular expressions.

Jaggi Posted February 9, 2007

> http://forums.invisionpower.com/index.php?...=215353&hl=

no wonder i was confused trying to find it, THE GUY IS CALLED LUKE :P.

stobbo Posted February 9, 2007

> no wonder i was confused trying to find it, THE GUY IS CALLED LUKE :P.

He used to be called Cy ;)

Archived
This topic is now archived and is closed to further replies.