Posted January 24, 2007

I think current custom bbcodes lack security. It's impossible to control parameter content. The simplest example: bbcode (published many times at this forum). There is no way to filter <, ", >, & and other signs from the video ID. So, a bad ID can spoil the generated HTML code.

I offer to add a field for a regular expression that should be applied to the bbcode parameter. It can strip unwanted symbols or freeze conversion to HTML if the condition doesn't match.

The benefits are:
- easy to implement
- enough to give the necessary security for most cases.

Maybe that can be included in the nearest release?
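The per-tag regular expression proposed in the post above, sketched as an added example (not IP.Board code and not part of the thread). The `video` tag, its template, the `video.example` host and the ID pattern are all assumptions made for illustration.

```php
<?php
// Hypothetical custom-bbcode definitions: each tag has an HTML template and a
// regex that its parameter must match in full before any HTML is generated.
$customTags = [
    'video' => [
        // \A and \z anchor the whole value; "$" would also accept a trailing newline.
        'pattern'  => '/\A[A-Za-z0-9_-]{6,20}\z/',   // assumed ID alphabet
        'template' => '<a href="https://video.example/watch?v={param}">video</a>',
    ],
];

function renderCustomBbcode(string $post, array $tags): string
{
    // Escape the whole post first so anything left unconverted is inert text.
    $safe = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    foreach ($tags as $name => $def) {
        $quoted = preg_quote($name, '/');
        $tagRe  = '/\[' . $quoted . '\](.*?)\[\/' . $quoted . '\]/is';
        $safe = preg_replace_callback($tagRe, function (array $m) use ($def): string {
            // Validate the original (unescaped) parameter against the tag's rule.
            $param = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (preg_match($def['pattern'], $param) !== 1) {
                return $m[0];   // freeze conversion: keep the escaped tag as text
            }
            // Escape again on output so the template never receives raw markup.
            $escaped = htmlspecialchars($param, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return str_replace('{param}', $escaped, $def['template']);
        }, $safe) ?? $safe;     // keep the escaped text if the regex engine fails
    }
    return $safe;
}

// Constructed sample posts: one well-formed ID, one carrying markup characters.
$samples = [
    'Watch [video]abc123XYZ_-[/video] tonight',
    'Watch [video]id"><b>oops[/video] tonight',
];
foreach ($samples as $s) {
    echo renderCustomBbcode($s, $customTags), PHP_EOL;
}
```

The first sample is converted to a link; the second fails the pattern and is emitted as escaped text with the tag left unconverted, so the generated HTML is not affected by the bad ID.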
February 7, 2007
Hmm... no reaction after one week. Is this suggestion stupid / useless / not needed?
February 7, 2007
No, it's a good idea. But we plan on overhauling the custom bbcode system (and implementing a lot of great ideas Cy posted several months ago) in 3.x roughly... so this would wait until then most likely.
February 7, 2007
> No, it's a good idea. But we plan on overhauling the custom bbcode system (and implementing a lot of great ideas Cy posted several months ago) in 3.x roughly... so this would wait until then most likely.

Anyway, good news. Thanks for the reply.
February 8, 2007
link to cy post bfarber? http://forums.invisionpower.com/index.php?...=215353&hl=
February 8, 2007
Thanks, great. I have one more proposal. If you plan to make a really flexible bbcode system, you could add PHP functions in each bbcode config. That's not difficult to implement. Then there is no need to make separate fields for regular expressions.
February 9, 2007
> http://forums.invisionpower.com/index.php?...=215353&hl=

no wonder i was confused trying to find it, THE GUY IS CALLED LUKE :P.
February 9, 2007
> no wonder i was confused trying to find it, THE GUY IS CALLED LUKE :P.

He used to be called Cy ;)
This topic is now archived and is closed to further replies.