BBC allows JS in several tags. we need to check where
this issue occurs.
Logged In: YES
seems to be only the glow and shadow tag since there is
used a table which causes the security flaw
the table in the glow and shadow tags is causing the problem.
it's the width in it which can be anything - also code like
onmouseover so the HTML looks like
<table width=400 onmouseover='alert()' style="filter:shadow
regex should be more like this:
$message =~ s~\[shadow=(\S+?),(\d+),(\d+)\](.+?)\[/shadow\]
~qq^[&table width="^ . validwidth($3) . qq^"
$message =~ s~\[glow=(\S+?),(\d+),(\d+)\](.+?)\[/glow\]~qq^
[&table width="^ . validwidth($3) . qq^"
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.