NationStates Jolt Archive

I'm just wondering why it is disabled by default.

Security.

http://www.weirdozone.0catch.com/projects/nationstates/salusasecondus/salusasecondus2.jpg
SalusaSecondus
Tech Modling
PGP: 0x0604DF3E

That doesn't make sense...

HTML will never be allowed in these forums, too many idiots would post stupid things that would do bad things...

Er...

You know what I mean.

HTML is disabled for security, as there is an important cross-site scripting vunrability with it.

That doesn't make sense...

One Word: Javascript.

That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...

That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...


Javascript could be embedded in the html to screw over the forums in simple terms

You can do some damage here with just the anchor tag. ;)

That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...

Ok, well, if they enabled HTML, people with bad intentions could use it to link to a language called Javascript which can be used with HTML to get information about your computer or the software, like the cookie for phpBB which would basically allow them to log in as you if they extracted it all right. :P

You can do some damage here with just the anchor tag. ;)

That's a point, has [violet] put in the fix for the url bug?

That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...

Ok, well, if they enabled HTML, people with bad intentions could use it to link to a language called Javascript which can be used with HTML to get information about your computer or the software, like the cookie for phpBB which would basically allow them to log in as you if they extracted it all right. :P

@PP: The data is md5 enrcypted, no way in hell your gona get anything out of it but good luck. ;)

You can do some damage here with just the anchor tag. ;)

That's a point, has [violet] put in the fix for the url bug?
Yeah, I got a warning from the Tech-Moddling guy for telling them about the fix. :roll:

That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...

Ok, well, if they enabled HTML, people with bad intentions could use it to link to a language called Javascript which can be used with HTML to get information about your computer or the software, like the cookie for phpBB which would basically allow them to log in as you if they extracted it all right. :P

@PP: The data is md5 enrcypted, no way in hell your gona get anything out of it but good luck. ;)

It's not all encrypted, or at least, the last time I looked it wasn't. :P Yuo can edit bits of it, and it'll let you login. :P

You can do some damage here with just the anchor tag. ;)

That's a point, has [violet] put in the fix for the url bug?
Yeah, I got a warning from the Tech-Moddling guy for telling them about the fix. :roll:

They have done it though?

Well, I still don't know how Javascript works, but thank you, I understand now why html is not allowed.

Well, I still don't know how Javascript works, but thank you, I understand now why html is not allowed.

Neither do I. ;) I've never had the need for it, hehehe.

In earlier versions, you could use it similary to the way you can use YaBB, so that you can session hi-jack, but with the SID that is placed into 2.0.4. A supposed security increase that makes the site hard to use and was greatly reduced in 2.0.5, we are now at 2.0.6, and I belive the software used here to be extremely outdated and should be updated to prevent security issues.

That doesn't make sense...

One Word: Javascript.

Forgive my ignorance,but can you embed VBScript in html as well?

That doesn't make sense...

One Word: Javascript.

Forgive my ignorance,but can you embed VBScript in html as well?

Not sure...

That doesn't make sense...

One Word: Javascript.

Forgive my ignorance,but can you embed VBScript in html as well?

Not sure...

I've seen it happen. There was a cool thing online that gave you a free cupholder using VBScript... (It opened your cd player.) So it would be something like <script language="VBScript">.

There are many security issues with allowing HTML in the forums, more than anyone here has mentioned. IN regards to the url bug, all critical systems are long patched against it, and remaining ones will be handled shortly.

http://www.weirdozone.0catch.com/projects/nationstates/salusasecondus/salusasecondus2.jpg
SalusaSecondus
Tech Modling
PGP: 0x0604DF3E

Mmmkay...

...

Oh, and just thought I'd warn you, NS is being invaded by the phpBB team...

Heh.

Whatever you do, don't delete Boooobies... :o

Mmmkay...

...

Oh, and just thought I'd warn you, NS is being invaded by the phpBB team...

Heh.

Whatever you do, don't delete Boooobies... :o


huh :?: :?

phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....

phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....

So....the people who mad phpbb are invading NS?...

phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....

So....the people who mad phpbb are invading NS?...

*cackles*

phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....

So....the people who mad phpbb are invading NS?...

*cackles*

I see.
*Slaps him*

2.0.4, is old outdated software.

I belive you should upgraded asap.

You could use EasyMOD by Nuttzy99, and upgrade in less than one minute.

2.0.4, is old outdated software.

I belive you should upgraded asap.

You could use EasyMOD by Nuttzy99, and upgrade in less than one minute.

Yes, and spend several hours installing EasyMOD... :P

Been here, done this. ;)

2.0.4, is old outdated software.

I belive you should upgraded asap.

You could use EasyMOD by Nuttzy99, and upgrade in less than one minute.

Yes, and spend several hours installing EasyMOD... :P

Been here, done this. ;)

How can you spend hours installng EasyMOD, I am a member of the EasyHack team, who are converting EasyMOD over to the phpBBHacks.com template.

The install completes in seconds.

Have you fixed the UN vote/endorsement bug yet?