Unauthorised interference with my posts |
Unauthorised interference with my posts |
pandy |
Dec 8 2006, 05:52 PM
Post
#21
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
If you don't tell I will pout. You are cute when you pout. Entities don't work. I seriously have no idea how Pandy pulled that off. People have been trying to do that with IPB forever. You have got to tell us how you pulled that one off! No. I want to see you pout too first. |
Christian J |
Dec 16 2006, 12:29 PM
Post
#22
|
. Group: WDG Moderators Posts: 9,659 Joined: 10-August 06 Member No.: 7 |
Entities don't work. I seriously have no idea how Pandy pulled that off. People have been trying to do that with IPB forever. A simple googling turned up the following: javascript: If you look in the BBCode you can see how I did it, but pandy seems to use some other trick that makes the BBCode appear normal. BTW feel free to edit this post if you don't want everyone to know. |
pandy |
Dec 16 2006, 01:02 PM
Post
#23
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
Can you put it in a script box?
CODE javascript:alert('Klutz!'); |
John Pozadzides |
Dec 26 2006, 10:20 PM
Post
#24
|
WDG Founder Group: Root Admin Posts: 529 Joined: 3-August 06 From: Magnolia, TX Member No.: 2 |
You have got to tell us how you pulled that one off! No. I want to see you pout too first. Ok. I'm pouting... see? Now, tell us how you did it! A simple googling turned up the following: javascript: Hmm... You say "simple" but I don't know how you found that. I know a lot of people, including me, that looked for it in the past but couldn't find it. But like you said, that isn't how Pandy is doing it. QUOTE java script:alert('Boo!'); Dammit! John |
pandy |
Dec 26 2006, 11:05 PM
Post
#25
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
I knew you would give up if I waited long enough. That mug's so cute I just have to tell you.
Ready? Here goes! CODE javascript: alert('Boo!'); CODE javascript: alert('Boo!'); You can do it with any or all characters in 'javascript:'. It isn't my fault you guys listen to hearsay and don't test for yourselves! |
Christian J |
Dec 27 2006, 03:39 PM
Post
#26
|
. Group: WDG Moderators Posts: 9,659 Joined: 10-August 06 Member No.: 7 |
A simple googling turned up the following: javascript: Hmm... You say "simple" but I don't know how you found that. I know a lot of people, including me, that looked for it in the past but couldn't find it. IIRC I searched for ways to circumvent the bad word censor... BTW here's a mod for phpBB, maybe IPB has something similar though the mod appears to work only on empty BBCode tags (and not when you put content inside them like I did). |
Christian J |
Dec 27 2006, 03:45 PM
Post
#27
|
. Group: WDG Moderators Posts: 9,659 Joined: 10-August 06 Member No.: 7 |
It isn't my fault you guys listen to hearsay and don't test for yourselves! I did test &! Is this the same thing: http://secunia.com/advisories/20772 ? |
pandy |
Dec 27 2006, 09:45 PM
Post
#28
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
I did test &! Kids nowadays... Give up when it doesn't work on the first try. Tsss, tsss, tsss. QUOTE Dont know. They say hex and I used decimal. Hex doesn't seem to work. CODE javascript: alert('Buu!'); |
John Pozadzides |
Dec 29 2006, 12:01 AM
Post
#29
|
WDG Founder Group: Root Admin Posts: 529 Joined: 3-August 06 From: Magnolia, TX Member No.: 2 |
I did test &! Kids nowadays... Give up when it doesn't work on the first try. Tsss, tsss, tsss. I swear I tested that also, multiple times! Dont know. They say hex and I used decimal. Hex doesn't seem to work. CODE java script: alert('Buu!'); I've already patched for that issue... John |
John Pozadzides |
Dec 29 2006, 12:06 AM
Post
#30
|
WDG Founder Group: Root Admin Posts: 529 Joined: 3-August 06 From: Magnolia, TX Member No.: 2 |
CODE javascript: alert('Boo!'); CODE java script: alert('Boo!'); Interesting. I just also learned that if you use the & trick, the first time you preview the post it switches it to the regular character. Then if you post it goes back to being broken. Basically this only works if you do NOT preview your post before taking it live. John |
pandy |
Dec 29 2006, 02:08 AM
Post
#31
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
Yes, lots of boards do that. Messes quoting up, that.
Actually, it was pure luck I found this out. I use a script in my text editor to convert characters to entities. When I wrote it I chose dec since that's supposed to be most widely supported. So when I wanted to try "javascript:" with entities, decimal it was. Had my script happened to do hex, maybe I too had given up there. Wonder if it is a vulnerability BTW. If it is it shall be known as "The WDG Hole". |
Christian J |
Dec 29 2006, 05:03 AM
Post
#32
|
. Group: WDG Moderators Posts: 9,659 Joined: 10-August 06 Member No.: 7 |
Doesn't seem to work in links, but not sure why not (since the "javascript" part is still intact):
[url=javascript: alert('Boo!');]foo[/url] |
pandy |
Dec 29 2006, 02:58 PM
Post
#33
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
|
rahul286 |
Feb 10 2007, 11:15 AM
Post
#34
|
Group: Members Posts: 2 Joined: 10-February 07 Member No.: 1,843 |
Yes, lots of boards do that. Messes quoting up, that. Actually, it was pure luck I found this out. I use a script in my text editor to convert characters to entities. When I wrote it I chose dec since that's supposed to be most widely supported. So when I wanted to try "java script:" with entities, decimal it was. Had my script happened to do hex, maybe I too had given up there. Wonder if it is a vulnerability BTW. If it is it shall be known as "The WDG Hole". Hello pandy, first thanx for : Can u tel me in details how do u use a script in text editor! Does it work for all members??? Actually I am running an invision board and there is completely dedicated thread for javascript: So I would really appreciate ur help! Thanks in advance! |
pandy |
Feb 10 2007, 11:40 AM
Post
#35
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
No, you can't do it with any text editor. The one I use, Notetab, is programmable using its own scripting language. I like the way the sripts are evoked. Look at this picture http://notetab.com/screen01.html . What you see in the left window is a library with scripts. Each item in the list is a script. In this case it's just text macros that inserts CSS stuff in the document, but they can be a lot more advanced than that, process text, documents, disk files. You can have as many libraries as you want with many scripts in each.
|
rahul286 |
Feb 10 2007, 11:51 AM
Post
#36
|
Group: Members Posts: 2 Joined: 10-February 07 Member No.: 1,843 |
So is there any other solution??
something like BBCode or MODS... wel I have access to PHP source code of IPB, so I can modify any file! And thanks for replying so soon! |
pandy |
Feb 10 2007, 02:16 PM
Post
#37
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,731 Joined: 9-August 06 Member No.: 6 |
I don't understand what you want to do. Can't you just use #58 if that works?
|
Lo-Fi Version | Time is now: 26th April 2024 - 06:19 PM |