Jump to content

Why arent bbcodes protected functions


Recommended Posts

OK every forum has a special custom key: ipb, gottalk, invisionize etc

so when bbcodes are run, the skin has to check for this key

BUT i am lost !!! i can run ALL javascripts through the skins anyways, so why bother to parse it out of the bbcodes?? especially when the admin is the only ones who can edit them !!

If you mean that the editors in the ACP are the same as the front, and they use the same functions, they why NOT write a secondary function for the ACP and admins?

Link to comment
Share on other sites

[quote name='Smoke-ZB' date='27 May 2009 - 05:48 AM' timestamp='1243399693' post='1805493']
Wouldn't that cause potential security issues though? Allowing javascript to be posted?

you tell me dude. the whole web 2 is based on JS.....the JS function is wrapped up in bbcodes, and the output is through IPB. Its as controlled as u can get it....

why do a hard stripping and then leave it all open in the skin?? Sounds all Maginot Line to me !!

Its like shooting off ya leg because you got a snake bite; sometime u have to but is it this time?

Link to comment
Share on other sites

You need to change how you do what you are trying to do. I don't even know what you are trying to do, but you can always just give your content a class in the bbcode and then use javascript in your skin to execute on that class

// Here's your javascript code to execute on element });

But this isn't the place for support. I feel relatively confident in saying we won't be bringing in javascript to be allowed via the editor itself. Can't say for sure about custom bbcodes, but ultimately security is going to trump functionality when it's a non-essential feature.

$$('.someclass').each( function(element) {

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...