querschlaeger Posted September 9, 2015

Hello, how can I prevent users (or better, a user group) from using all the CSS they want? On my site guests are allowed to post. In the good old BBCode era it was easy to disallow BBCode for guests, but now they can use HTML and CSS to modify content (they can hide text and URLs if they set background and text color to the same as the page background color (just an example)). In the past I only had to moderate content but I also have to moderate style. This is really annoying.

... or they can do this:

Jim M Posted September 9, 2015

Guests should not be able to post HTML. You can disable this by going to ACP -> Members -> Groups -> edit guests -> Content -> disable "Can post HTML?"

Ralf Herrmann Posted September 9, 2015

It would basically need artificial intelligence to decide between wanted and unwanted styling. We could certainly strip out all kinds of CSS statements, but those same statements can be needed in the next post and break the layout or confuse the user when they are stripped out.

querschlaeger (Author) Posted September 9, 2015

> Guests should not be able to post HTML. You can disable this by going to ACP -> Members -> Groups -> edit guests -> Content -> disable "Can post HTML?"

They can. Of course not everything is possible, but most of CSS and basic HTML is possible. Just let me refer here: http://ips41preview.invisionpower-staging.com/topic/275-testing-hidden-mentions/

This is possible because we now use an HTML editor (CKEditor) and not a simple textarea and post parsed BBCodes.

querschlaeger (Author) Posted September 9, 2015

In the first post I just typed a single space and set the font size with CSS to 72000px. Even if you (as admin) force pasting as plain text and remove most of the editor buttons, I can still (re)use HTML and CSS in the browser console before submitting the post.

> It would basically need artificial intelligence to decide between wanted and unwanted styling. We could certainly strip out all kinds of CSS statements, but those same statements can be needed in the next post and break the layout or confuse the user when they are stripped out.

On my site guests are not allowed to style their content. They are not allowed to post images. And they are not allowed to post links. But with IPS I have no control over it. They can do what they want.

Lukeroge Posted September 9, 2015

Maybe the post filter needs some special rules for things like font size, to not allow things like above.

Ralf Herrmann Posted September 9, 2015

> In the first post I just typed a single space and set the font size with CSS to 72000px. Even if you (as admin) force pasting as plain text and remove most of the editor buttons, I can still (re)use HTML and CSS in the browser console before submitting the post.

Yes, we get this. You have posted about this many times already. ;-)

But if people really want to break posts like this, they could do that in the past as well. The example you showed here could always be achieved by simply posting empty lines. So yes, it's more a matter of moderation than of filtering.

-FP Posted September 9, 2015

Why bother controlling and preventing stuff by annoying people? Just warn/ban them. Make a warn reason "Wasting your and my time doing annoying stuff in your content".

querschlaeger (Author) Posted September 9, 2015

> But if people really want to break posts like this, they could do that in the past as well.

No. As I said, I disabled the usage of BBCode, images and links for guests.

By the way: It also should not be possible to modify system style (of quotes, mentions, code block layout, ...). But as you can see, I modified the quote block above. As admin I have no global control of site style.

> Why bother controlling and preventing stuff by annoying people? Just warn/ban them. Make a warn reason "Wasting your and my time doing annoying stuff in your content".

How can I warn or ban a guest?

Ralf Herrmann Posted September 9, 2015

> No.

Yes. You made a visually long empty post as an example. That could always be done. Just as posting 10000 words of nonsense text or porn images. Just because it can be done, doesn't mean that the system needs to prevent it technically.

querschlaeger (Author) Posted September 9, 2015

With my example I just wanted to demonstrate how to break the mobile layout. Sorry for the confusion.

querschlaeger (Author) Posted September 10, 2015

By the way: At the moment I am creating a browser add-on for Chrome and Firefox so everyone can type HTML and CSS easily on all IPS 4.x sites with CKEditor. Detecting an IPS site and implanting the HTML button into the editor works fine at the moment on DIV-embedded CKEditor (since IPS 4.1).

Matt (Management) Posted September 10, 2015

Remember that the PHP text parser will clean a lot of the HTML up. We use HTMLPurifier to remove unwanted styles, javascript, etc.

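The server-side filtering discussed in this thread (per-group rules, plus a special rule for font size), sketched as an added example that is not part of any post and is not IPS or HTMLPurifier code. It is a small Python allowlist sanitizer that runs on the submitted HTML, so it applies whatever the editor or browser console produced; the group names, tag sets and the 48px cap are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser
# Hypothetical per-group policies; the tag sets and 48px cap are assumptions.
POLICIES = {
    "guest": {"tags": {"p", "br"}, "css": set(), "max_px": 0},
    "member": {"tags": {"p", "br", "strong", "em", "span"},
               "css": {"font-size", "font-weight", "text-align"}, "max_px": 48},
}

class PostSanitizer(HTMLParser):
    def __init__(self, policy):
        super().__init__(convert_charrefs=True)
        self.policy, self.out, self.open = policy, [], []

    def clean_style(self, style):
        kept = []
        for decl in style.split(";"):
            prop, _, value = (s.strip().lower() for s in decl.partition(":"))
            if prop not in self.policy["css"] or not re.fullmatch(r"[a-z0-9 #%.-]+", value):
                continue  # property not allowed for this group, or unexpected value
            px = re.fullmatch(r"(\d{1,4})px", value)
            if prop == "font-size" and not (px and 8 <= int(px[1]) <= self.policy["max_px"]):
                continue  # special rule: bounded pixel sizes only
            kept.append(f"{prop}: {value}")
        return "; ".join(kept)

    def handle_starttag(self, tag, attrs):
        if tag not in self.policy["tags"]:
            return  # tag dropped; its text still goes through handle_data
        style = self.clean_style(dict(attrs).get("style") or "")
        self.out.append(f'<{tag} style="{escape(style)}">' if style else f"<{tag}>")
        if tag != "br":
            self.open.append(tag)

    def handle_endtag(self, tag):
        closed = None
        while tag in self.open and closed != tag:  # close up to the matching tag
            closed = self.open.pop()
            self.out.append(f"</{closed}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # user text is always HTML-escaped

def sanitize(html, group):
    parser = PostSanitizer(POLICIES[group])
    parser.feed(html)
    parser.close()
    # Close anything the poster left open so it cannot bleed into the page.
    return "".join(parser.out + [f"</{t}>" for t in reversed(parser.open)])
```
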
Archived
This topic is now archived and is closed to further replies.