Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted May 25, 200915 yr if ipb is worried about skinner inserting dubious codes in the skins then why not set up a cutrom key for each bbcode
May 25, 200915 yr ha :P that is a good suggestion. I'm sure IPS will check for these things though. Regardless of that anyway, I don't think anyone would really in their right mind do such a thing ;)
May 26, 200915 yr Author OK every forum has a special custom key: ipb, gottalk, invisionize etc so when bbcodes are run, the skin has to check for this key BUT i am lost !!! i can run ALL javascripts through the skins anyways, so why bother to parse it out of the bbcodes?? especially when the admin is the only ones who can edit them !! If you mean that the editors in the ACP are the same as the front, and they use the same functions, they why NOT write a secondary function for the ACP and admins?
May 26, 200915 yr Ah, so it's yet another topic about you wanting to use javascript in code in the editor. :rolleyes:
May 27, 200915 yr Author i need to be able to allow js thru bbcodes !! bbcodes are the filter for public posting. if i can use bbcodes i need to do so from anywhere
May 27, 200915 yr Wouldn't that cause potential security issues though? Allowing javascript to be posted?
May 27, 200915 yr Author [quote name='Smoke-ZB' date='27 May 2009 - 05:48 AM' timestamp='1243399693' post='1805493'] Wouldn't that cause potential security issues though? Allowing javascript to be posted? you tell me dude. the whole web 2 is based on JS.....the JS function is wrapped up in bbcodes, and the output is through IPB. Its as controlled as u can get it.... why do a hard stripping and then leave it all open in the skin?? Sounds all Maginot Line to me !! Its like shooting off ya leg because you got a snake bite; sometime u have to but is it this time?
May 27, 200915 yr [quote name='Smoke-ZB' date='27 May 2009 - 05:48 AM' timestamp='1243399693' post='1805493'] Wouldn't that cause potential security issues though? Allowing javascript to be posted? Yes.
May 27, 200915 yr You need to change how you do what you are trying to do. I don't even know what you are trying to do, but you can always just give your content a class in the bbcode and then use javascript in your skin to execute on that class // Here's your javascript code to execute on element }); But this isn't the place for support. I feel relatively confident in saying we won't be bringing in javascript to be allowed via the editor itself. Can't say for sure about custom bbcodes, but ultimately security is going to trump functionality when it's a non-essential feature.$$('.someclass').each( function(element) {
Archived
This topic is now archived and is closed to further replies.