Jump to content

Sugestion: Custom bbcode security improvement

Guest Vitaly

Recommended Posts

I think, current custom bbcodes lack of security. It's impossible to control parameters content. The most simple example: bbcode (published many times at this forum). There are no ways to filter <,",>,& and other signs from video ID. So, bad ID can spoil generated HTML code.

I offer to add a field for regular expression, that should be applied to bbcode parameter. It can strip unwanded symbols or freeze convertion to HTML if condition doesn't match.

The benefits is:
- easy to implement
- enougth to give necessary security for most cases.

May be, that can be included in the nearest release?

Link to comment
Share on other sites

  • 2 weeks later...

No, it's a good idea. But we plan on overhauling the custom bbcode system (and implementing a lot of great ideas Cy posted several months ago) in 3.x roughly...so this would wait until then most likely.

Anyway, good news. Thanks for reply.
Link to comment
Share on other sites

Thanks great,

I have one more proposal. If you plan to make a really flexible bbcode system, you could add php fucnctions in each bbcode config. That's not difficult to implement. Then no needs to make separate fields for regular expressions.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...