#1274 posted by
metlslime on 2009/01/02 11:23:41
preach: that should only happen if you have javascript enabled, yet, that should also prevent the form from being submitted in the first place. So, not sure how it happened but i'll check out chrome.
#1275 posted by
metlslime on 2009/01/02 11:25:10
if you have javascript enabled
disabled
Well
#1276 posted by
Preach on 2009/01/02 14:31:08
To be honest it's probably just the browser doing something idiotic, it's beta-quality at best. So I wouldn't worry too much about it.
Idea
#1277 posted by
Spirit on 2009/01/23 14:15:55
When replying to a fully loaded thread, just load the last 50 after submitting. Sounds like a quick fix and everybody wins (faster load for the user and less load for the server).
Just Now
#1278 posted by
DaZ on 2009/04/16 16:59:11
Warning: mysql_connect() [function.mysql-connect]: Too many connections in /home/johnfitz/sites/www.celephais.net/board/_database.php on line 9
w00t
DaZ
#1279 posted by
JPL on 2009/04/16 18:22:10
It happens sometimes, just reload the page and it vanishes away :)
Hmm
#1280 posted by
nonentity on 2009/04/16 20:06:50
Or leave it for a bit and then reload the page. Spam reloading it will generate more connections and therefore probably cause the problem to occur longer (I was getting it as well, hence the GA post being the half post I wrote before copying to a text file and making dinner).
Metl
#1282 posted by
Spirit on 2009/06/21 14:32:27
Paaalease fix #1144/#1163
New Tags
#1283 posted by
metlslime on 2009/06/22 07:51:56
Three new tags; see the FAQ for details.
hyperlink
strikethrough
underline
Also, Spirit:
#1284 posted by
metlslime on 2009/06/22 08:05:47
yeah, i'll look at that stuff.
Re: New Tags
#1285 posted by
Lardarse on 2009/06/23 15:22:46
Nice! That will make things easier.
#1288 posted by
negke on 2009/06/23 17:42:49
Hey, can we also have a popup tag? And one for flash overlays? </ddos>
Hmm...
#1289 posted by
metlslime on 2009/06/23 21:56:37
you think that's dangerous...
<a href="javascript:alert('doh')">alert</a>
Maybe i should examine the security implications of this...
#1290 posted by
necros on 2009/06/23 23:47:27
tbh, i prefered it without the a href linking.
i didn't have to hover over links here to see if they are good to click or not.
D
#1291 posted by
czg on 2009/06/23 23:54:48
<a href="javascript:var%20v=document.forms[0];v.title.value='I%20AM%20A%20FAGGOT!';v.body.value='HUMP%20MY%20RUMP!';submitpost(v);">Click for a good time!</a>
Ankh!
#1295 posted by bamby on 2009/06/24 00:00:23
Didn't know you were too..
I AM A FAGGOT!
#1296 posted by anonymous user on 2009/06/24 00:01:15
HUMP MY RUMP!
I AM A FAGGOT!
#1297 posted by anonymous user on 2009/06/24 00:01:33
HUMP MY RUMP!
Well...
#1298 posted by
metlslime on 2009/06/24 00:03:04
I think all issues can be addressed.
First, the misleading URL demonstrated by spirit can be mitigated by making raw URLs look different that anchor tags, using color or other formatting.
Second, the http-based XSS attack spirit showed can be fixed by making the logout button require POST instead of GET.
Third, the javascript-based XSS attacks as demonstrated by czg can be prevented by being stricter about the URL (i.e. requiring http:/ftp: at the beginning)