cotonti.com : BBCode question output HTML https://www.cotonti.com Последние сообщения в теме Cotonti en Mon, 03 Nov 2025 06:58:01 -0000 Trustmaster Yes, it is quite safe if it is for admins only. Otherwise you need something like HTML Purifier to sanitize the html.

]]> пт, 25 ноя 2011 13:58:25 -0000 ez Question....
Would it be safe if I would strip any <script> </script> tags from the content inside the HTML BBcode users input.... ???
Would that be enough for safety... ??

By the way
I made that functions just for admins... so I am the only one that can do that.. and i made it for fixed areas..
For example I put blocks of HTML above lists  (So kinda like a page above a list)

DEVIL Big Brother is Watching !!!
I know that IF i put Googles Analytics JS script on my site, then they could intercept all my POST data (so also my login credentials)
A lot off people do NOT realize this !!
Google knows everything ... devil

]]> пт, 25 ноя 2011 10:36:34 -0000 Trustmaster What kind of container does an embed need?

Added 1 minute later:

Ah, got it, so you added a bbcode for raw HTML. Well, it isn't any safe because one can put malicious JavaScript in it and steal admin credential when he browsers the page.

]]> пт, 25 ноя 2011 08:44:38 -0000 ez i have made it.... [html] [/html]...

BUT it needs corehacking.

And I question if it is safe..

]]> пт, 25 ноя 2011 06:21:36 -0000 Twiebie #22502 Trustmaster:
Why not add proper embed bbcodes instead? BBcode parser doesn't accept any HTML.

Sorry for bumping an old topic, but I do have a question on this.

Would it not be possible to create something like a bbcode for a HTML container that can allow embedding?

]]> пт, 25 ноя 2011 01:57:46 -0000 ez I do not know wich ones are standard

Look at this code:
<embed src=https://www.cotonti.com/"http://pauwenwitteman.vara.nl/typo3conf/ext/vara_flashplayer/player/player.swf" AllowScriptAccess="always" width="480" height="320" bgcolor="262626" allowfullscreen="true" flashvars="config=http://pauwenwitteman.vara.nl/index.php%3Fid%3D113%26type%3D9010%26tx_varaflashplayer_xmlgenerator%5Bconfig%5D%3D4839%26tx_varaflashplayer_xmlgenerator%5Bembed%5D%3D1%26cHash%3D98e1a6d4ef" ></embed>

So thats the thing, every embed element will be so different

Do you have an idea on how to make this]]> вс, 31 янв 2010 23:45:41 -0000 Trustmaster вс, 31 янв 2010 23:32:18 -0000 ez
I want to let the users add HTML code to their articles.
I have made a bbcode like this: [html_code][/html_code]

The bbcodes work, but the $1 gets translated so the text is showing, but not as HTML.
all special characters are escaped.

Is there a way to do this ????

I want this, because they want to add <embed xxx yyy zzz </embed> stuff

hope someone can help or maybe someone has a better idea,

Leo (ez)

p.s. I do not want to activate the possibility so they can type pure HTML..]]> вс, 31 янв 2010 22:25:23 -0000