|
-
Sep 8th, 2004, 01:09 PM
#1
Problem with JavaScript:
Hi it seems like if i type JavaScript: then a space between Java and script is inserted. Check this test post
Its annoying sometime as you can see here
Is it possible to fix it without modifying the "Underlying Forum Code"?
Thanks.
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks. 
This post was powered by : 
-
Sep 8th, 2004, 02:29 PM
#2
Hi it seems like if i type javascript: then a space between Java...
hi it seems like if i type JavaScript: then a space....
hi it seems like if i type "javascript" then....
-
Sep 8th, 2004, 02:52 PM
#3
Brad, looks like you fixed it, thanks.
But if I edit my post, the problem re-appears, can you fixed that if possible.
Thanks again.
Danial.
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by :
-
Sep 8th, 2004, 03:21 PM
#4
I didn't do anything. The only time I could duplicate the error was when I copied your post.
I suggest you don't copy your post 
Brad!
-
Sep 8th, 2004, 03:30 PM
#5
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by :
-
Sep 8th, 2004, 03:43 PM
#6
Definitely weird. I wasn't sure where to being looking, which is why I started by trying to duplicate the issue.....
If it happens again and we can duplicate it, then I'll see what we can do. 
Brad!
-
Sep 8th, 2004, 03:44 PM
#7
Originally posted by brad jones
Definitely weird. I wasn't sure where to being looking, which is why I started by trying to duplicate the issue.....
If it happens again and we can duplicate it, then I'll see what we can do.
Brad!
I spoke too early, it only happens inside [code ] tag. e.g
Code:
onclick="javascript:Test()"
That should replicate the error.
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by :
-
Sep 8th, 2004, 03:49 PM
#8
Brad, finally found the cause.
It happens inside [code], [vbcode], and [quote] tag.
When i edit the post, it shows the text without any space, so that means Format function of vbBulletin is causing the bug.
Last edited by Danial; Sep 8th, 2004 at 03:56 PM.
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by :
-
Sep 8th, 2004, 07:04 PM
#9
Ex-Super Mod'rater
To be more precise it only happens when those tags are used in a post, but even then it affects outside the tags if they were present.
Like Look at these two posts:
http://www.vbforums.com/showthread.p...postid=1782456
http://www.vbforums.com/showthread.p...postid=1782457
The second one is the same as the first except the line with the Code tags has been taken out .
When your thread has been resolved please edit the original post in the thread (  )
and amend "-[RESOLVED]-" to the end of the title and change the icon to  , Thank you.
When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.
-
Sep 8th, 2004, 07:32 PM
#10
-
Sep 9th, 2004, 07:28 AM
#11
Ex-Super Mod'rater
Solved the problem, well I found the reason I reckon......
I just tried it with the bold tags so its actually if any tags are present and the reason is that you could inject Javascript when tags with parameters are present. For example:
[color=Red]SomeText[/color]
converts to:
<font color="Red">SomeText</font> (Or similar)
So then what if you do:
[color=Red" onclick="javascript:DoSomething()]SomeText[/color]
That would convert to:
<font color="Red" onclick="javascript:DoSomething()">SomeText</font> (Or similar)
When your thread has been resolved please edit the original post in the thread ( )
and amend "-[RESOLVED]-" to the end of the title and change the icon to , Thank you.
When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.
-
Sep 9th, 2004, 04:32 PM
#12
EMan,
I see your point, you are trying to say this can be used to call JavaScript function and would be open to abuse, right?
In that case all is needed is to put a tag like we do, between java and script
e.g Replace JavaScript to Java[b] [/b ]Script
Note that the "<script>" tag "<" and ">" is getting replaced by html char code so you would not be able to call any script any way. You can only do inline JavaScript.
I would assume we only need to modify the Replace function, e.g
Replace(strHtml, "JavaScript:", "Java Script:")
to
Replace(strHtml, "JavaScript:", "Java[b ][/b ]Script"
Obviously the equivelent of Replace function in PHP.
Brad any ways to fix it or is it too much code change?
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by :
-
Sep 9th, 2004, 07:53 PM
#13
Ex-Super Mod'rater
I would think its rather a lot to change. You could just work around it by doing:
javas[b][/b]cript:
Which is actually how I managed to get it to display right in my last post. Ofcourse if this is the way to go then not everyone will know how to do it but at least then you'll know something not everyone else does  .
Thing is this could have been fixed in the next version but I'm not sure there. the method you suggested could have some strange results, especially if you used that replace statement when the input was the injection I gave as an example .
When your thread has been resolved please edit the original post in the thread ( )
and amend "-[RESOLVED]-" to the end of the title and change the icon to , Thank you.
When posting Code use the [VBCode]Code Here[/VBCode] tags to be able to use the code highlighting.
-
Sep 10th, 2004, 07:25 AM
#14
I'll report this to our developers and see if they have the time to look into it.
Brad
-
Sep 10th, 2004, 08:17 AM
#15
Originally posted by brad jones
I'll report this to our developers and see if they have the time to look into it.
Brad
Thanks Brad,
Its not a major issue, but would be nice if it can be fixed.
[VBF RSS Feed]
There is a great war coming. Are you sure you are on the right side? Atleast I have chosen a side.
If I have been helpful, Please Rate my Post. Thanks.
This post was powered by :
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
. Are you sure you didnt change anything?