Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



2455 posts

Uber Geek
+1 received by user: 220

Trusted
Subscriber

Topic # 111861 17-Nov-2012 11:45 Send private message

I've noticed while browsing the forum this morning that a few people are having HTML make it into their posts

Examples here and here.  Is there a problem with the editor?

Create new topic
BDFL
49451 posts

Uber Geek
+1 received by user: 4349

Administrator
Trusted
Geekzone
Subscriber

  Reply # 718699 17-Nov-2012 11:48 Send private message

This only affected posts within a five minutes time window last night, while we switched some code behind the htmlencode/urlencode we use here. This was noted here before.






2455 posts

Uber Geek
+1 received by user: 220

Trusted
Subscriber

  Reply # 718713 17-Nov-2012 11:51 Send private message

Ah right. Sorry didn't realise that was the same root cause. Carry on then!

BDFL
49451 posts

Uber Geek
+1 received by user: 4349

Administrator
Trusted
Geekzone
Subscriber

  Reply # 718715 17-Nov-2012 11:56 Send private message

Basically I was thinking of the possibility of some malicious user injecting HTML code on the subject of a forum discussion and that not being filtered when added to your friend's timeline. Therefore when looking at the Wall that code could be executed.

I changed the encoding for all fields around and those strange posts happened while the scripts were being changed (kept the same old routine name but with new defaults and added a new routine).

That's pretty much it.




Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Vodafone TV multicast settings on pfSense?
Created by kenkeniff, last reply by chrispchikin on 22-Aug-2014 22:36 (133 replies)
Pages... 7 8 9


CGA. Is it fair?
Created by BTR, last reply by bazzer on 22-Aug-2014 11:02 (86 replies)
Pages... 4 5 6


Fluoride is safe, who knew?
Created by networkn, last reply by SaltyNZ on 22-Aug-2014 22:24 (24 replies)
Pages... 2


Free: Smart Button for your Android device
Created by freitasm, last reply by PhantomNVD on 22-Aug-2014 22:08 (104 replies)
Pages... 5 6 7


Lightbox press event release
Created by freitasm, last reply by Lightbox on 22-Aug-2014 17:04 (469 replies)
Pages... 30 31 32


Opotiki SPCA vote
Created by JayADee, last reply by shk292 on 22-Aug-2014 20:21 (19 replies)
Pages... 2


It was hardly 'hacking' was it?
Created by CB_24, last reply by gzt on 21-Aug-2014 22:26 (97 replies)
Pages... 5 6 7


Warning about Pure Hosting
Created by LostBoyNZ, last reply by Zeon on 23-Aug-2014 00:15 (34 replies)
Pages... 2 3



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.