NationStates Jolt Archive


HTML in the Forums

12-10-2003, 00:36
I'm just wondering why it is disabled by default.
SalusaSecondus
12-10-2003, 00:41
Security.

http://www.weirdozone.0catch.com/projects/nationstates/salusasecondus/salusasecondus2.jpg
SalusaSecondus
Tech Modling
PGP: 0x0604DF3E
12-10-2003, 00:42
That doesn't make sense...
Peng-Pau
12-10-2003, 00:42
HTML will never be allowed in these forums, too many idiots would post stupid things that would do bad things...

Er...

You know what I mean.
Rapid Dr3am
12-10-2003, 00:43
HTML is disabled for security, as there is an important cross-site scripting vunrability with it.
Peng-Pau
12-10-2003, 00:51
That doesn't make sense...

One Word: Javascript.
12-10-2003, 00:52
That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...
NuMetal
12-10-2003, 00:53
That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...


Javascript could be embedded in the html to screw over the forums in simple terms
Rapid Dr3am
12-10-2003, 00:54
You can do some damage here with just the anchor tag. ;)
Peng-Pau
12-10-2003, 00:54
That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...

Ok, well, if they enabled HTML, people with bad intentions could use it to link to a language called Javascript which can be used with HTML to get information about your computer or the software, like the cookie for phpBB which would basically allow them to log in as you if they extracted it all right. :P
Peng-Pau
12-10-2003, 00:55
You can do some damage here with just the anchor tag. ;)

That's a point, has [violet] put in the fix for the url bug?
Rapid Dr3am
12-10-2003, 00:55
That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...

Ok, well, if they enabled HTML, people with bad intentions could use it to link to a language called Javascript which can be used with HTML to get information about your computer or the software, like the cookie for phpBB which would basically allow them to log in as you if they extracted it all right. :P

@PP: The data is md5 enrcypted, no way in hell your gona get anything out of it but good luck. ;)
Rapid Dr3am
12-10-2003, 00:56
You can do some damage here with just the anchor tag. ;)

That's a point, has [violet] put in the fix for the url bug?
Yeah, I got a warning from the Tech-Moddling guy for telling them about the fix. :roll:
Peng-Pau
12-10-2003, 00:56
That doesn't make sense...

One Word: Javascript.

OK, I'm sure all of you have been explaining it, but I still don't understand...

Ok, well, if they enabled HTML, people with bad intentions could use it to link to a language called Javascript which can be used with HTML to get information about your computer or the software, like the cookie for phpBB which would basically allow them to log in as you if they extracted it all right. :P

@PP: The data is md5 enrcypted, no way in hell your gona get anything out of it but good luck. ;)

It's not all encrypted, or at least, the last time I looked it wasn't. :P Yuo can edit bits of it, and it'll let you login. :P
Peng-Pau
12-10-2003, 00:56
You can do some damage here with just the anchor tag. ;)

That's a point, has [violet] put in the fix for the url bug?
Yeah, I got a warning from the Tech-Moddling guy for telling them about the fix. :roll:

They have done it though?
12-10-2003, 00:57
Well, I still don't know how Javascript works, but thank you, I understand now why html is not allowed.
Peng-Pau
12-10-2003, 00:58
Well, I still don't know how Javascript works, but thank you, I understand now why html is not allowed.

Neither do I. ;) I've never had the need for it, hehehe.
Rapid Dr3am
12-10-2003, 00:58
In earlier versions, you could use it similary to the way you can use YaBB, so that you can session hi-jack, but with the SID that is placed into 2.0.4. A supposed security increase that makes the site hard to use and was greatly reduced in 2.0.5, we are now at 2.0.6, and I belive the software used here to be extremely outdated and should be updated to prevent security issues.
NuMetal
12-10-2003, 01:03
That doesn't make sense...

One Word: Javascript.

Forgive my ignorance,but can you embed VBScript in html as well?
Peng-Pau
12-10-2003, 01:04
That doesn't make sense...

One Word: Javascript.

Forgive my ignorance,but can you embed VBScript in html as well?

Not sure...
Topnotch Toast
12-10-2003, 01:51
That doesn't make sense...

One Word: Javascript.

Forgive my ignorance,but can you embed VBScript in html as well?

Not sure...

I've seen it happen. There was a cool thing online that gave you a free cupholder using VBScript... (It opened your cd player.) So it would be something like <script language="VBScript">.
SalusaSecondus
12-10-2003, 03:00
There are many security issues with allowing HTML in the forums, more than anyone here has mentioned. IN regards to the url bug, all critical systems are long patched against it, and remaining ones will be handled shortly.

http://www.weirdozone.0catch.com/projects/nationstates/salusasecondus/salusasecondus2.jpg
SalusaSecondus
Tech Modling
PGP: 0x0604DF3E
Peng-Pau
12-10-2003, 03:32
Mmmkay...

...

Oh, and just thought I'd warn you, NS is being invaded by the phpBB team...

Heh.

Whatever you do, don't delete Boooobies... :o
NuMetal
12-10-2003, 03:34
Mmmkay...

...

Oh, and just thought I'd warn you, NS is being invaded by the phpBB team...

Heh.

Whatever you do, don't delete Boooobies... :o


huh :?: :?
Peng-Pau
12-10-2003, 03:37
phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....
NuMetal
12-10-2003, 03:39
phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....

So....the people who mad phpbb are invading NS?...
Peng-Pau
12-10-2003, 03:47
phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....

So....the people who mad phpbb are invading NS?...

*cackles*
NuMetal
12-10-2003, 03:50
phpBB team == phpBB group

Powered by phpBB 2.0.4 © 2001, 2002 phpBB Group

Be afraid...

Be very afraid.....

So....the people who mad phpbb are invading NS?...

*cackles*

I see.
*Slaps him*
Rapid Dr3am
12-10-2003, 14:05
2.0.4, is old outdated software.

I belive you should upgraded asap.

You could use EasyMOD by Nuttzy99, and upgrade in less than one minute.
Peng-Pau
12-10-2003, 17:23
2.0.4, is old outdated software.

I belive you should upgraded asap.

You could use EasyMOD by Nuttzy99, and upgrade in less than one minute.

Yes, and spend several hours installing EasyMOD... :P

Been here, done this. ;)
Rapid Dr3am
12-10-2003, 21:37
2.0.4, is old outdated software.

I belive you should upgraded asap.

You could use EasyMOD by Nuttzy99, and upgrade in less than one minute.

Yes, and spend several hours installing EasyMOD... :P

Been here, done this. ;)

How can you spend hours installng EasyMOD, I am a member of the EasyHack team, who are converting EasyMOD over to the phpBBHacks.com template.

The install completes in seconds.
Goobergunchia
12-10-2003, 22:18
Goobergunchia
12-10-2003, 22:21
Have you fixed the UN vote/endorsement bug yet?