Site Help
This is the forum to ask questions about this website, report things that are broken, request features, etc.

Be sure to check out the FAQ as well.
 
preach: that should only happen if you have javascript enabled, yet, that should also prevent the form from being submitted in the first place. So, not sure how it happened but i'll check out chrome. 
 
if you have javascript enabled

disabled 
Well 
To be honest it's probably just the browser doing something idiotic, it's beta-quality at best. So I wouldn't worry too much about it. 
Idea 
When replying to a fully loaded thread, just load the last 50 after submitting. Sounds like a quick fix and everybody wins (faster load for the user and less load for the server). 
Just Now 
Warning: mysql_connect() [function.mysql-connect]: Too many connections in /home/johnfitz/sites/www.celephais.net/board/_database.php on line 9

w00t 
DaZ 
It happens sometimes, just reload the page and it vanishes away :) 
Hmm 
Or leave it for a bit and then reload the page. Spam reloading it will generate more connections and therefore probably cause the problem to occur longer (I was getting it as well, hence the GA post being the half post I wrote before copying to a text file and making dinner). 
Create_thread.php 
needs <blink> 
Metl 
Paaalease fix #1144/#1163 
New Tags 
Three new tags; see the FAQ for details.

hyperlink
strikethrough
underline 
Also, Spirit: 
yeah, i'll look at that stuff. 
Re: New Tags 
Nice! That will make things easier. 
Yes 
Spirit 
You are stupid... 
 
Hey, can we also have a popup tag? And one for flash overlays? </ddos> 
Hmm... 
you think that's dangerous...

<a href="javascript:alert('doh')">alert</a>

Maybe i should examine the security implications of this... 
 
tbh, i preferred it without the a href linking.

i didn't have to hover over links here to see if they are good to click or not. 
<a href="javascript:var%20v=document.forms[0];v.title.value='I%20AM%20A%20FAGGOT!';v.body.value='HUMP%20MY%20RUMP!';submitpost(v);">Click for a good time!</a> 
I AM A FAGGOT! 
HUMP MY RUMP! 
I AM A FAGGOT! 
HUMP MY RUMP! 
 
:P 
Ankh! 
Didn't know you were too.. 
I AM A FAGGOT! 
HUMP MY RUMP! 
I AM A FAGGOT! 
HUMP MY RUMP! 
Well... 
I think all issues can be addressed.

First, the misleading URL demonstrated by spirit can be mitigated by making raw URLs look different than anchor tags, using color or other formatting.

Second, the http-based XSS attack spirit showed can be fixed by making the logout button require POST instead of GET.

Third, the javascript-based XSS attacks as demonstrated by czg can be prevented by being stricter about the URL (i.e. requiring http:/ftp: at the beginning) 
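
The third fix above (a strict scheme check on the link target), sketched as an added example that is not part of the thread or the forum's own code. PHP is used because the error message quoted earlier shows a PHP back end; the function names and the inclusion of https are assumptions.

```php
<?php
// Added example, not the forum's code. safe_href() and render_link() are
// hypothetical names; the allowed schemes follow the post above, plus https.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp'];

// Returns the URL unchanged if it may be used as an href, or null otherwise.
function safe_href(string $url): ?string
{
    // Browsers drop tabs and newlines inside a URL and ignore leading
    // whitespace, so any control character or space is rejected outright.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    // The scheme must be the very first thing in the string.
    if (!preg_match('#^([a-z][a-z0-9+.\-]*)://[^/]#i', $url, $m)) {
        return null;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $url : null;
}

// Renders a link tag; anything that fails the check becomes inert text.
function render_link(string $url, string $text): string
{
    $label = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $href = safe_href($url);
    if ($href === null) {
        return $label;
    }
    // Escape the attribute value so a quote in the URL cannot close href="".
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
        . $label . '</a>';
}

// Constructed inputs; the second is the URL quoted earlier in the thread.
$samples = [
    'http://www.celephais.net/board/',
    "javascript:alert('doh')",
    "JaVaScRiPt:alert('doh')",
    "java\tscript:alert('doh')",
    'http://example.com/"onmouseover="x',
];
foreach ($samples as $url) {
    echo render_link($url, 'alert'), "\n";
}
```

Only the first and last samples come out as anchors, and the last one has its quotes escaped inside the attribute; the three javascript: variants are rendered as plain text.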
Website copyright © 2002-2024 John Fitzgibbons. All posts are copyright their respective authors.