chasz Posted May 25, 2009 Posted May 25, 2009 if ipb is worried about skinner inserting dubious codes in the skins then why not set up a cutrom key for each bbcode
Tom Christian Posted May 25, 2009 Posted May 25, 2009 ha :P that is a good suggestion. I'm sure IPS will check for these things though. Regardless of that anyway, I don't think anyone would really in their right mind do such a thing ;)
bfarber Posted May 26, 2009 Posted May 26, 2009 Yeah I'm lost. Can you explain your suggestion please?
chasz Posted May 26, 2009 Author Posted May 26, 2009 OK every forum has a special custom key: ipb, gottalk, invisionize etc so when bbcodes are run, the skin has to check for this key BUT i am lost !!! i can run ALL javascripts through the skins anyways, so why bother to parse it out of the bbcodes?? especially when the admin is the only ones who can edit them !! If you mean that the editors in the ACP are the same as the front, and they use the same functions, they why NOT write a secondary function for the ACP and admins?
Michael Posted May 26, 2009 Posted May 26, 2009 Ah, so it's yet another topic about you wanting to use javascript in code in the editor. :rolleyes:
bfarber Posted May 26, 2009 Posted May 26, 2009 Ah, ok. To summarize... You want to be able to use javascript in the editor.
chasz Posted May 27, 2009 Author Posted May 27, 2009 i need to be able to allow js thru bbcodes !! bbcodes are the filter for public posting. if i can use bbcodes i need to do so from anywhere
Smokey-Rev Posted May 27, 2009 Posted May 27, 2009 Wouldn't that cause potential security issues though? Allowing javascript to be posted?
chasz Posted May 27, 2009 Author Posted May 27, 2009 [quote name='Smoke-ZB' date='27 May 2009 - 05:48 AM' timestamp='1243399693' post='1805493'] Wouldn't that cause potential security issues though? Allowing javascript to be posted? you tell me dude. the whole web 2 is based on JS.....the JS function is wrapped up in bbcodes, and the output is through IPB. Its as controlled as u can get it.... why do a hard stripping and then leave it all open in the skin?? Sounds all Maginot Line to me !! Its like shooting off ya leg because you got a snake bite; sometime u have to but is it this time?
Mark Posted May 27, 2009 Posted May 27, 2009 [quote name='Smoke-ZB' date='27 May 2009 - 05:48 AM' timestamp='1243399693' post='1805493'] Wouldn't that cause potential security issues though? Allowing javascript to be posted? Yes.
bfarber Posted May 27, 2009 Posted May 27, 2009 You need to change how you do what you are trying to do. I don't even know what you are trying to do, but you can always just give your content a class in the bbcode and then use javascript in your skin to execute on that class // Here's your javascript code to execute on element }); But this isn't the place for support. I feel relatively confident in saying we won't be bringing in javascript to be allowed via the editor itself. Can't say for sure about custom bbcodes, but ultimately security is going to trump functionality when it's a non-essential feature.$$('.someclass').each( function(element) {
Recommended Posts
Archived
This topic is now archived and is closed to further replies.