September 9, 2015 in Feedback
how can I prevent that users (or better a usergroup) can use all the CSS they want? On my site guests are allowed to post. In the good old BBCode era it was easy to disallow BBCode for guests but now they can use HTML and CSS to modify content (they can hide text and URLs if they set background and text color to the same as the page background color (just an example)).
In the past I only had to moderate content but I also have to moderate style. This is really annoying.
... or they can do this:
Guests should not be able to post HTML. You can disable this by going to ACP -> Members -> Groups -> edit guests -> Content -> disable Can post HTML?
It would basically need artificial intelligence to decide between wanted and unwanted styling. We could certain strip out all kinds of CSS statements, but those same statements can be needed in the next post and break the layout or confuse the user when they are stripped out.
They can. Of course not everything is possible but most of CSS and basic HTML is possible. Just let me referring here: http://ips41preview.invisionpower-staging.com/topic/275-testing-hidden-mentions/
This is possible because we now use a HTML editor (CKEditor) and not a simple textarea and post parsed BBCodes.
In the first post I just typed a single space and set the font size with CSS to 72000px. Even if you (as admin) force pasting as plain text and remove most of the editor buttons, I can still (re)use HTML and CSS in browser console before submitting the post.
On my site guests are not allowed to style their content. They are not allowed to post images. And they are not allowed to post links.
But with IPS I have to control over it. They can do what they want.
Maybe the post filter needs some special rules for things like font size, to not allow things like above
Yes, we get this. You have posted about this many times already. ;-)
But if people really want to break posts like this, they could do that in the past as well. The example you showed here could always be achieved by simply posting empty lines. So yes, its more a matter of moderation than of filtering.
Why bothering controlling and preventing stuff by annoying people, just warn/ban them. Make a warn reason "Wasting your and my time doing annoying stuff in your content".
But if people really want to break posts like this, they could do that in the past as well.
No. As I said I disabled the usage of BBCode, images and links for guests.
By the way: It also should not possible to modify system style (of quotes, mentions, code block layout, ...). But as you can see, I modified the quote block above. As admin I have no global control of site style.
How can I warn or ban a guest?
Yes. You made a visually long empty post as an example. That could always be done. Just as posting 10000 words of nonsense text or porn images. Just because it can be done, doesn’t mean that the system needs to prevent it technically.
With my example I just wanted to demonstrate how to break the mobile layout. Sorry for confusing.
By the way: At the moment I create a browser addon for Chrome and Firefox so everyone can type HTML and CSS easily on all IPS 4.x sites with CKeditor. Detection of a IPS site and implant the HTML button to editor works fine at the moment on DIV embedded CKEditor (since IPS 4.1).
This topic is now archived and is closed to further replies.
Started 21 hours ago
Started 5 minutes ago
Started November 9, 2021