Jump to content

How can I prevent that users break layout or use CSS?

querschlaeger

By querschlaeger
in Feedback

Recommended Posts

querschlaeger Enthusiast

querschlaeger

Posted
Posted

Hello,

how can I prevent that users (or better a usergroup) can use all the CSS they want? On my site guests are allowed to post. In the good old BBCode era it was easy to disallow BBCode for guests but now they can use HTML and CSS to modify content (they can hide text and URLs if they set background and text color to the same as the page background color (just an example)).

In the past I only had to moderate content but I also have to moderate style. This is really annoying.

... or they can do this:

 

Link to comment
Share on other sites
querschlaeger Enthusiast

querschlaeger

Posted
  • Author
Posted

Guests should not be able to post HTML. You can disable this by going to ACP -> Members -> Groups -> edit guests -> Content -> disable Can post HTML? 

They can. Of course not everything is possible but most of CSS and basic HTML is possible. Just let me referring here: http://ips41preview.invisionpower-staging.com/topic/275-testing-hidden-mentions/

 

ipscsshtml.png

This is possible because we now use a HTML editor (CKEditor) and not a simple textarea and post parsed BBCodes.

Link to comment
Share on other sites
querschlaeger Enthusiast

querschlaeger

Posted
  • Author
Posted

In the first post I just typed a single space and set the font size with CSS to 72000px. Even if you (as admin) force pasting as plain text and remove most of the editor buttons, I can still (re)use HTML and CSS in browser console before submitting the post.

It would basically need artificial intelligence to decide between wanted and unwanted styling. We could certain strip out all kinds of CSS statements, but those same statements can be needed in the next post and break the layout or confuse the user when they are stripped out.  

On my site guests are not allowed to style their content. They are not allowed to post images. And they are not allowed to post links.

But with IPS I have to control over it. They can do what they want.

Link to comment
Share on other sites
Ralf Herrmann Apprentice

Ralf Herrmann

Posted
Posted

In the first post I just typed a single space and set the font size with CSS to 72000px. Even if you (as admin) force pasting as plain text and remove most of the editor buttons, I can still (re)use HTML and CSS in browser console before submitting the post.

Yes, we get this. You have posted about this many times already. ;-)

But if people really want to break posts like this, they could do that in the past as well. The example you showed here could always be achieved by simply posting empty lines. 
So yes, its more a matter of moderation than of filtering. 

Link to comment
Share on other sites
querschlaeger Enthusiast

querschlaeger

Posted
  • Author
Posted

But if people really want to break posts like this, they could do that in the past as well.

No. As I said I disabled the usage of BBCode, images and links for guests.

By the way: It also should not possible to modify system style (of quotes, mentions, code block layout, ...). But as you can see, I modified the quote block above. As admin I have no global control of site style.

Why bothering controlling and preventing stuff by annoying people, just warn/ban them. Make a warn reason "Wasting your and my time doing annoying stuff in your content".

How can I warn or ban a guest?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...