Notings of Attention™
Acmlmboard 2 Released
Github/GIT | @acmlmboard | IRC: #abdev
Chatting Places
IRC: #kafuka | Discord

Affiliates
Super Mario Bros. X | Kuribo64
Views: 5,933,218
Main | FAQ | IRC chat | Memberlist | Active users | Latest posts | Stats | Ranks | Online users | Search
03-21-19 11:55 AM
Guest: Register | Login

0 users currently in AcmlmBoard II Software/Bug Report Forum | 4 bots

Main - AcmlmBoard II Software/Bug Report Forum - Netiquette (link behaviour) (2)
Next newer thread | Next older thread

Pages: 1 2 3

Nicolyn
Posted on 01-17-12 09:30 PM Link | ID: 3265
Administrator
Goddess of the Apocalypse
Level: 174


Posts: 67/12295
EXP: 69961940
Next: 935927

Since: 01-03-12
From: Boston, MA

Last post: 10 hours
Last view: 10 hours
Nicole BASIC v174.33 ### 2048 bytes free

Ready.
load "POST_67"
Allowing (most) arbitrary HTML is I think one of the "selling points" of this board software, even if it can be a security risk...

The obvious example of what can't be done with BBcode is the entire post layout thing- I mean, you could reimplement everything in some sort of code that gets preprocessed as HTML/CSS, but why bother?

?Syntax Error.

Lili~ ♥
Posted on 01-17-12 09:31 PM Link | ID: 3266
Queen Lesbian of Kafuka
Level: 148


Posts: 153/8412
EXP: 39573815
Next: 804848

Since: 01-06-12

Last post: 891 days
Last view: 855 days
I was thinking of stuff like resizing images on the fly (by using width= or height=). I dunno if that argument applies to links as well, though.


knuck
Posted on 01-17-12 09:33 PM Link | ID: 3267

Paragoomba

Level: 19


Posts: 49/73
EXP: 32010
Next: 3767

Since: 01-03-12

Last post: 2438 days
Last view: 2419 days
Posted by Nicole
Allowing (most) arbitrary HTML is I think one of the "selling points" of this board software, even if it can be a security risk...
I don't think this board software has had any "selling points" since 2007 or so.

Posted by Nicole
The obvious example of what can't be done with BBcode is the entire post layout thing- I mean, you could reimplement everything in some sort of code that gets preprocessed as HTML/CSS, but why bother?
Safety.

As I said in another thread, post layouts should be done with a WYSIWYG editor of sorts, using bb tags, that way a random user can't simple go and make scrolling bugs (like I did with my layout), or break tables, etc. It's also more professional, though that might be irrelevant.

Ailure
Posted on 01-17-12 09:36 PM Link | ID: 3268
Administrator

Buzzy Beetle
Red pandas and stuff
Level: 40


Posts: 86/398
EXP: 407627
Next: 33682

Since: 01-01-12

Last post: 624 days
Last view: 53 days
Posted by Kiyoshi
It is mainly the courtesy, in not pretending the linked content is part of your site.
Honestly that's the first time I heard about that, and to be honest I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It makes sense to create a separate window sometimes, but those are (relatively rare) cornercases.

____________________
AIM: gamefreak1337, MSN: Emil_sim@spray.se, XMPP: ailure@xmpp.kafuka.org, YouTube



knuck
Posted on 01-17-12 09:40 PM Link | ID: 3269

Paragoomba

Level: 19


Posts: 50/73
EXP: 32010
Next: 3767

Since: 01-03-12

Last post: 2438 days
Last view: 2419 days
Posted by Ailure
Honestly that's the first time I heard about that, and to be honest I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.
Same. Also it makes me think before clicking a link, when I suspect it might open in a new tab, I just middle-click it to open on the foreground.

To smartasses: Don't care if there's any config or extension that will change this behavior. Muscle memory for the win.

Kiyoshi
Posted on 01-17-12 09:41 PM Link | ID: 3270
HEY HEY HEY STAY OUTTA MAH SHED
Level: 59


Posts: 242/1016
EXP: 1662238
Next: 10890

Since: 01-02-12

Last post: 2522 days
Last view: 2493 days
In ABXD, <a href> and <embed> are filtered for security. There are [url] and [youtube] for that. I don't see the added value of HTML here.

<img> is not filtered, so you can still set an image width and height.

____________________
I don't give a flying feather

Lili~ ♥
Posted on 01-17-12 09:43 PM (rev. 2 of 01-17-12 09:43 PM by Lili~ ♥) Link | ID: 3271
Queen Lesbian of Kafuka
Level: 148


Posts: 154/8412
EXP: 39573815
Next: 804848

Since: 01-06-12

Last post: 891 days
Last view: 855 days
You lose the possibility of embedding MIDI or similar by filtering <embed> though, so it is kinda a tradeoff.


Arisotura
Posted on 01-17-12 09:43 PM Link | ID: 3273
Developer
there was a girl
Level: 73


Posts: 50/1652
EXP: 3444629
Next: 41239

Since: 01-05-12
From: France

Last post: 93 days
Last view: 77 days
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about <a href> and security? wait what are you saying? ABXD never filtered <a href>...

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Epele
Posted on 01-17-12 09:43 PM Link | ID: 3274
Acmlmistrator
The Sorceress.
OwO

Level: 214


Posts: 230/19904
EXP: 144161333
Next: 1563850

Since: 01-01-12
From: UK

Last post: 9 hours
Last view: 6 min.
Posted by Kiyoshi
In ABXD, <a href> and <embed> are filtered for security. There are [url] and [youtube] for that. I don't see the added value of HTML here.

<img> is not filtered, so you can still set an image width and height.


Filtering <a> tags makes not much sense considering a good deal of exploits are possible with an <img> tag. :/


The world could always use more heroes!

Kiyoshi
Posted on 01-17-12 09:50 PM Link | ID: 3276
HEY HEY HEY STAY OUTTA MAH SHED
Level: 59


Posts: 243/1016
EXP: 1662238
Next: 10890

Since: 01-02-12

Last post: 2522 days
Last view: 2493 days
Posted by Ailure
Posted by Kiyoshi
It is mainly the courtesy, in not pretending the linked content is part of your site.
I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It makes sense to create a separate window sometimes, but those are (relatively rare) cornercases.
I get rather annoyed if every link gets opened in the same tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It hardly makes sense to lose the post you were working on and let your tab be reused sometimes, but those are very rare cornercases.

____________________
I don't give a flying feather

knuck
Posted on 01-17-12 09:50 PM (rev. 3 of 01-17-12 09:51 PM by knuck) Link | ID: 3278

Paragoomba

Level: 19


Posts: 51/73
EXP: 32010
Next: 3767

Since: 01-03-12

Last post: 2438 days
Last view: 2419 days
Posted by Mega-Mario
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about "a href" and security? wait what are you saying? ABXD never filtered "a href"...
That could be replaced by title sub-attributes in the [ url ] tag.
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.
EDIT2: What if it was an img tag? :P

Epele
Posted on 01-17-12 09:53 PM Link | ID: 3279
Acmlmistrator
The Sorceress.
OwO

Level: 214


Posts: 233/19904
EXP: 144161333
Next: 1563850

Since: 01-01-12
From: UK

Last post: 9 hours
Last view: 6 min.
Posted by knuck
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.


the BB tags are mostly there for those who don't know about html.. or don't realise the board supports it.

Or that's just how I see it.


The world could always use more heroes!

knuck
Posted on 01-17-12 09:55 PM Link | ID: 3280

Paragoomba

Level: 19


Posts: 52/73
EXP: 32010
Next: 3767

Since: 01-03-12

Last post: 2438 days
Last view: 2419 days
Posted by Gywall

the BB tags are mostly there for those who don't know about html.. or don't realise the board supports it.

Or that's just how I see it.
I always saw Acmlmboard as potential real-world software, so for me allowing HTML as a security risk, among other things. Of course, Acmlmboard was coded by Acmlm just "for fun", with no intentions of ever having it as "real-world" software I believe.

Arisotura
Posted on 01-17-12 09:57 PM Link | ID: 3281
Developer
there was a girl
Level: 73


Posts: 51/1652
EXP: 3444629
Next: 41239

Since: 01-05-12
From: France

Last post: 93 days
Last view: 77 days
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes. Let's just not allow anything other than plaintext so that we're not running any risk.

Seriously speaking, I'm all for keeping HTML as much open as we can. An Acmlmboard without HTML isn't an Acmlmboard. It's just yet another boring board software.

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Kiyoshi
Posted on 01-17-12 09:58 PM (rev. 2 of 01-17-12 09:59 PM by Kiyoshi) Link | ID: 3282
HEY HEY HEY STAY OUTTA MAH SHED
Level: 59


Posts: 244/1016
EXP: 1662238
Next: 10890

Since: 01-02-12

Last post: 2522 days
Last view: 2493 days
Posted by knuck
Posted by Mega-Mario
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about "a href" and security? wait what are you saying? ABXD never filtered "a href"...
That could be replaced by title sub-attributes in the [ url ] tag.
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.
EDIT2: What if it was an img tag? :P
I do remember a link filter though, maybe Kawa or Arisotura can clear up my confusion. I might be just confused with the <embed> tag.

Edit: what you say is very true, Arisotura
Can we go back on topic now?

____________________
I don't give a flying feather

knuck
Posted on 01-17-12 10:01 PM Link | ID: 3283

Paragoomba

Level: 19


Posts: 53/73
EXP: 32010
Next: 3767

Since: 01-03-12

Last post: 2438 days
Last view: 2419 days
Posted by Mega-Mario
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes.
You clearly know nothing about compilers and parsing. You should really refrain from talking about technical stuff you know nothing about.

Posted by Mega-Mario
Let's just not allow anything other than plaintext so that we're not running any risk.
:lol:

Posted by Mega-Mario
Seriously speaking, I'm all for keeping HTML as much open as we can. An Acmlmboard without HTML isn't an Acmlmboard. It's just yet another boring board software.
What if we have bb codes for all the needed HTML? Woul you still want "FULL HTML SUPPORT"? It sounds like someone is looking for exploits... ;)

Arisotura
Posted on 01-17-12 10:08 PM Link | ID: 3284
Developer
there was a girl
Level: 73


Posts: 52/1652
EXP: 3444629
Next: 41239

Since: 01-05-12
From: France

Last post: 93 days
Last view: 77 days
Posted by knuck
Posted by Mega-Mario
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes.
You clearly know nothing about compilers and parsing. You should really refrain from talking about technical stuff you know nothing about.

YOU do not know me enough to say that kind of stuff. I know what I'm talking about. I have been coding for ABXD since a good while now, in case you don't know.

Also, I don't want 'full' HTML support. I said 'as much as open as we can', which doesn't mean 'full' but 'keep the most features possible while blocking out dangerous stuff'.

Besides, cookie stealing on the AB2 branch is a loss of time unless you know the AES256 key that is used to encrypt them (or atleast that's how it was done on AB2.0a1, it may have changed since then).

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Lili~ ♥
Posted on 01-18-12 07:58 AM Link | ID: 3315
Queen Lesbian of Kafuka
Level: 148


Posts: 157/8412
EXP: 39573815
Next: 804848

Since: 01-06-12

Last post: 891 days
Last view: 855 days

this discussion



Seriously, why can't you just leave everything as it is? After all, it's long been any sysadmin's mantra to never change a running system, and that for a good reason. It works, and that's the most important thing.


knuck
Posted on 01-18-12 09:08 AM Link | ID: 3318

Paragoomba

Level: 19


Posts: 54/73
EXP: 32010
Next: 3767

Since: 01-03-12

Last post: 2438 days
Last view: 2419 days
Posted by Liliana
Seriously, why can't you just leave everything as it is? After all, it's long been any sysadmin's mantra to never change a running system, and that for a good reason. It works, and that's the most important thing.
To be honest, that's an horrible example in this situation. But whatever either way, it's important to be able to use > and < I guess.

Kawa
Posted on 01-18-12 05:26 PM Link | ID: 3343
Retired Staff

Not okay
Prophet of Celestia
Level: 86


Posts: 172/2423
EXP: 6123070
Next: 19037

Since: 01-01-12
From: The Netherlands

Last post: 165 days
Last view: 140 days
Gentlemen?

How about a setting?

Allow <a href>, but only make external links open in a new tab as per the user's settings?

Also, HTML > BBCode, but that's just my opinion and you don't need to share it.

Pages: 1 2 3


Next newer thread | Next older thread
Main - AcmlmBoard II Software/Bug Report Forum - Netiquette (link behaviour) (2)


Acmlmboard v2.5.4 (03/13/2019)
© 2005-2019 Acmlm, Emuz, et al.

Page rendered in 0.129 seconds. (660KB of memory used)
MySQL - queries: 214, rows: 603/636, time: 0.062 seconds.