Notings of Attention™
Acmlmboard 2 Released
Github/GIT | @acmlmboard
Chatting Places
Discord

Affiliates
Super Mario Bros. X | Kuribo64
Views: 8,952,605
Main | FAQ | IRC chat | Memberlist | Active users | Latest posts | Stats | Ranks | Online users | Search
03-28-24 09:46 PM
Guest: Register | Login

0 users currently in AcmlmBoard II Software/Bug Report Forum | 1 bot

Main - AcmlmBoard II Software/Bug Report Forum - Netiquette (link behaviour) (2)
Next newer thread | Next older thread

Pages: 1 2 3

Nicole
Posted on 01-17-12 09:30 PM, in Link | ID: 3265
Administrator
Goddess of the Apocalypse
Level: 199


Posts: 67/14042
EXP: 111223631
Next: 1913453

Since: 01-03-12
From: Boston, MA

Last post: 229 days
Last view: 229 days
67 4467 2
Allowing (most) arbitrary HTML is I think one of the "selling points" of this board software, even if it can be a security risk...

The obvious example of what can't be done with BBcode is the entire post layout thing- I mean, you could reimplement everything in some sort of code that gets preprocessed as HTML/CSS, but why bother?


Lili~ ♥
Posted on 01-17-12 09:31 PM, in Link | ID: 3266
Normal User
Queen Lesbian of Kafuka
Level: 159


Posts: 153/8412
EXP: 51555944
Next: 254813

Since: 01-06-12

Last post: 2725 days
Last view: 1248 days
I was thinking of stuff like resizing images on the fly (by using width= or height=). I dunno if that argument applies to links as well, though.


knuck
Posted on 01-17-12 09:33 PM, in Link | ID: 3267
Normal User

Paragoomba

Level: 20


Posts: 49/73
EXP: 41692
Next: 747

Since: 01-03-12

Last post: 4272 days
Last view: 4253 days
Posted by Nicole
Allowing (most) arbitrary HTML is I think one of the "selling points" of this board software, even if it can be a security risk...
I don't think this board software has had any "selling points" since 2007 or so.

Posted by Nicole
The obvious example of what can't be done with BBcode is the entire post layout thing- I mean, you could reimplement everything in some sort of code that gets preprocessed as HTML/CSS, but why bother?
Safety.

As I said in another thread, post layouts should be done with a WYSIWYG editor of sorts, using bb tags, that way a random user can't simple go and make scrolling bugs (like I did with my layout), or break tables, etc. It's also more professional, though that might be irrelevant.

Ailure
Posted on 01-17-12 09:36 PM, in Link | ID: 3268
Retired Staff

Buzzy Beetle
Red pandas and stuff
Level: 43


Posts: 86/398
EXP: 530857
Next: 34189

Since: 01-01-12

Last post: 2458 days
Last view: 661 days
Posted by Kiyoshi
It is mainly the courtesy, in not pretending the linked content is part of your site.
Honestly that's the first time I heard about that, and to be honest I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It makes sense to create a separate window sometimes, but those are (relatively rare) cornercases.

____________________
AIM: gamefreak1337, MSN: Emil_sim@spray.se, XMPP: ailure@xmpp.kafuka.org, YouTube



knuck
Posted on 01-17-12 09:40 PM, in Link | ID: 3269
Normal User

Paragoomba

Level: 20


Posts: 50/73
EXP: 41692
Next: 747

Since: 01-03-12

Last post: 4272 days
Last view: 4253 days
Posted by Ailure
Honestly that's the first time I heard about that, and to be honest I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.
Same. Also it makes me think before clicking a link, when I suspect it might open in a new tab, I just middle-click it to open on the foreground.

To smartasses: Don't care if there's any config or extension that will change this behavior. Muscle memory for the win.

Kiyoshi
Posted on 01-17-12 09:41 PM, in Link | ID: 3270
Normal User
HEY HEY HEY STAY OUTTA MAH SHED
Level: 64


Posts: 242/1016
EXP: 2164928
Next: 49169

Since: 01-02-12

Last post: 4356 days
Last view: 4327 days
In ABXD, <a href> and <embed> are filtered for security. There are [url] and [youtube] for that. I don't see the added value of HTML here.

<img> is not filtered, so you can still set an image width and height.

____________________
I don't give a flying feather

Lili~ ♥
Posted on 01-17-12 09:43 PM, in (rev. 2 of 01-17-12 09:43 PM by Lili~ ♥) Link | ID: 3271
Normal User
Queen Lesbian of Kafuka
Level: 159


Posts: 154/8412
EXP: 51555944
Next: 254813

Since: 01-06-12

Last post: 2725 days
Last view: 1248 days
You lose the possibility of embedding MIDI or similar by filtering <embed> though, so it is kinda a tradeoff.


Arisotura
Posted on 01-17-12 09:43 PM, in Link | ID: 3273
Developer
pancakes
Level: 83


Posts: 50/1868
EXP: 5395547
Next: 36674

Since: 01-05-12
From: France

Last post: 655 days
Last view: 194 days
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about <a href> and security? wait what are you saying? ABXD never filtered <a href>...

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Epele
Posted on 01-17-12 09:43 PM, in Link | ID: 3274
Site Administrator
The Sorceress.
Boing~

Level: 235


Posts: 230/20774
EXP: 200185932
Next: 1739960

Since: 01-01-12
From: UK

Last post: 814 days
Last view: 9 hours
Posted by Kiyoshi
In ABXD, <a href> and <embed> are filtered for security. There are [url] and [youtube] for that. I don't see the added value of HTML here.

<img> is not filtered, so you can still set an image width and height.


Filtering <a> tags makes not much sense considering a good deal of exploits are possible with an <img> tag. :/


The world could always use more heroes!

Kiyoshi
Posted on 01-17-12 09:50 PM, in Link | ID: 3276
Normal User
HEY HEY HEY STAY OUTTA MAH SHED
Level: 64


Posts: 243/1016
EXP: 2164928
Next: 49169

Since: 01-02-12

Last post: 4356 days
Last view: 4327 days
Posted by Ailure
Posted by Kiyoshi
It is mainly the courtesy, in not pretending the linked content is part of your site.
I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It makes sense to create a separate window sometimes, but those are (relatively rare) cornercases.
I get rather annoyed if every link gets opened in the same tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It hardly makes sense to lose the post you were working on and let your tab be reused sometimes, but those are very rare cornercases.

____________________
I don't give a flying feather

knuck
Posted on 01-17-12 09:50 PM, in (rev. 3 of 01-17-12 09:51 PM by knuck) Link | ID: 3278
Normal User

Paragoomba

Level: 20


Posts: 51/73
EXP: 41692
Next: 747

Since: 01-03-12

Last post: 4272 days
Last view: 4253 days
Posted by Mega-Mario
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about "a href" and security? wait what are you saying? ABXD never filtered "a href"...
That could be replaced by title sub-attributes in the [ url ] tag.
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.
EDIT2: What if it was an img tag? :P

Epele
Posted on 01-17-12 09:53 PM, in Link | ID: 3279
Site Administrator
The Sorceress.
Boing~

Level: 235


Posts: 233/20774
EXP: 200185932
Next: 1739960

Since: 01-01-12
From: UK

Last post: 814 days
Last view: 9 hours
Posted by knuck
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.


the BB tags are mostly there for those who don't know about html.. or don't realise the board supports it.

Or that's just how I see it.


The world could always use more heroes!

knuck
Posted on 01-17-12 09:55 PM, in Link | ID: 3280
Normal User

Paragoomba

Level: 20


Posts: 52/73
EXP: 41692
Next: 747

Since: 01-03-12

Last post: 4272 days
Last view: 4253 days
Posted by Gywall

the BB tags are mostly there for those who don't know about html.. or don't realise the board supports it.

Or that's just how I see it.
I always saw Acmlmboard as potential real-world software, so for me allowing HTML as a security risk, among other things. Of course, Acmlmboard was coded by Acmlm just "for fun", with no intentions of ever having it as "real-world" software I believe.

Arisotura
Posted on 01-17-12 09:57 PM, in Link | ID: 3281
Developer
pancakes
Level: 83


Posts: 51/1868
EXP: 5395547
Next: 36674

Since: 01-05-12
From: France

Last post: 655 days
Last view: 194 days
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes. Let's just not allow anything other than plaintext so that we're not running any risk.

Seriously speaking, I'm all for keeping HTML as much open as we can. An Acmlmboard without HTML isn't an Acmlmboard. It's just yet another boring board software.

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Kiyoshi
Posted on 01-17-12 09:58 PM, in (rev. 2 of 01-17-12 09:59 PM by Kiyoshi) Link | ID: 3282
Normal User
HEY HEY HEY STAY OUTTA MAH SHED
Level: 64


Posts: 244/1016
EXP: 2164928
Next: 49169

Since: 01-02-12

Last post: 4356 days
Last view: 4327 days
Posted by knuck
Posted by Mega-Mario
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about "a href" and security? wait what are you saying? ABXD never filtered "a href"...
That could be replaced by title sub-attributes in the [ url ] tag.
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.
EDIT2: What if it was an img tag? :P
I do remember a link filter though, maybe Kawa or Arisotura can clear up my confusion. I might be just confused with the <embed> tag.

Edit: what you say is very true, Arisotura
Can we go back on topic now?

____________________
I don't give a flying feather

knuck
Posted on 01-17-12 10:01 PM, in Link | ID: 3283
Normal User

Paragoomba

Level: 20


Posts: 53/73
EXP: 41692
Next: 747

Since: 01-03-12

Last post: 4272 days
Last view: 4253 days
Posted by Mega-Mario
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes.
You clearly know nothing about compilers and parsing. You should really refrain from talking about technical stuff you know nothing about.

Posted by Mega-Mario
Let's just not allow anything other than plaintext so that we're not running any risk.
:lol:

Posted by Mega-Mario
Seriously speaking, I'm all for keeping HTML as much open as we can. An Acmlmboard without HTML isn't an Acmlmboard. It's just yet another boring board software.
What if we have bb codes for all the needed HTML? Woul you still want "FULL HTML SUPPORT"? It sounds like someone is looking for exploits... ;)

Arisotura
Posted on 01-17-12 10:08 PM, in Link | ID: 3284
Developer
pancakes
Level: 83


Posts: 52/1868
EXP: 5395547
Next: 36674

Since: 01-05-12
From: France

Last post: 655 days
Last view: 194 days
Posted by knuck
Posted by Mega-Mario
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes.
You clearly know nothing about compilers and parsing. You should really refrain from talking about technical stuff you know nothing about.

YOU do not know me enough to say that kind of stuff. I know what I'm talking about. I have been coding for ABXD since a good while now, in case you don't know.

Also, I don't want 'full' HTML support. I said 'as much as open as we can', which doesn't mean 'full' but 'keep the most features possible while blocking out dangerous stuff'.

Besides, cookie stealing on the AB2 branch is a loss of time unless you know the AES256 key that is used to encrypt them (or atleast that's how it was done on AB2.0a1, it may have changed since then).

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Lili~ ♥
Posted on 01-18-12 07:58 AM, in Link | ID: 3315
Normal User
Queen Lesbian of Kafuka
Level: 159


Posts: 157/8412
EXP: 51555944
Next: 254813

Since: 01-06-12

Last post: 2725 days
Last view: 1248 days

this discussion



Seriously, why can't you just leave everything as it is? After all, it's long been any sysadmin's mantra to never change a running system, and that for a good reason. It works, and that's the most important thing.


knuck
Posted on 01-18-12 09:08 AM, in Link | ID: 3318
Normal User

Paragoomba

Level: 20


Posts: 54/73
EXP: 41692
Next: 747

Since: 01-03-12

Last post: 4272 days
Last view: 4253 days
Posted by Liliana
Seriously, why can't you just leave everything as it is? After all, it's long been any sysadmin's mantra to never change a running system, and that for a good reason. It works, and that's the most important thing.
To be honest, that's an horrible example in this situation. But whatever either way, it's important to be able to use > and < I guess.

Kawa
Posted on 01-18-12 05:26 PM, in Link | ID: 3343
Retired Staff

Not okay
Prophet of Celestia
Level: 93


Posts: 172/2423
EXP: 7974142
Next: 78668

Since: 01-01-12
From: The Netherlands

Last post: 2000 days
Last view: 315 days
Gentlemen?

How about a setting?

Allow <a href>, but only make external links open in a new tab as per the user's settings?

Also, HTML > BBCode, but that's just my opinion and you don't need to share it.

Pages: 1 2 3


Next newer thread | Next older thread
Main - AcmlmBoard II Software/Bug Report Forum - Netiquette (link behaviour) (2)


Acmlmboard v2.5.5 (10/04/2020)
© 2005-2024 Acmlm, Emuz, et al.

Page rendered in 0.096 seconds. (856KB of memory used)
MySQL - queries: 214, rows: 614/647, time: 0.067 seconds.