Menu
▾
▴
#7 Javascript/Flash Hack
Author: Eloi George <eloi@NOSPAM.bygeorgeware.com>
Version: 4
Updated: 8/31/2004
--------------------------------------------------
This code is ready for inclusion in the current Release
Candidate (0.9.3.4).
It has been in general use since February and is
bug-free. Below is a description of what the code
does. The included .tar.gz contains both the updated
.php files and corresponding unified diff files with
extensions of .diff.txt. The basecode is current as of
Friday's (8/31/04) Daily CVS Tarball.
Javascript/Flash Hack
/conf/textSettings.php now has an extra variable called
$allowed_extra_tags that holds tags that can only be
used by authorized admins. These users are authorized
by allowing them to "Use Extended HTML Tags" in the
user "Module Rights" screen.
As singletrack pointed out this weekend, if you want to
restrict your users to bbCode (or WikiTax), while
allowing your admins to still enter HTML tags, you can
just move all the tags from the first level to the second.
It's also been called the "Javascript/Flash Hack"
because changes have been made to the parser to allow
executable Javascript/Flash code to be entered by
authorized users.
Dieties can now use any tag they please -- nothing will
get stripped. You are finally truly omnipotent!
Patch files for Javascript/Flash Hack
Logged In: YES
user_id=656822
I'm wondering if this would be helpful in the case of comment
spammers. You could remove the "<a>" tag?
I haven't gotten any comment spammers yet but I'd like to
have a plan before I get marked. :)
Logged In: YES
user_id=619893
You could move the "<a>" tag from $allowed_tags to
$allowed_extra_tags.
This would make it so that only authorized admins can use
the "<a>" tag.