Notings of Attention™
Acmlmboard 2 Released
Github/GIT | @acmlmboard | IRC: #abdev
Chatting Places
IRC: #kafuka | Discord

Affiliates
Super Mario Bros. X | Kuribo64
Views: 6,131,060
Main | FAQ | IRC chat | Memberlist | Active users | Latest posts | Stats | Ranks | Online users | Search
06-25-19 06:00 PM
Guest: Register | Login

0 users currently in AcmlmBoard II Software/Bug Report Forum | 9 bots

Main - AcmlmBoard II Software/Bug Report Forum - Netiquette (link behaviour) (2)
Next newer thread | Next older thread

Pages: 1 2 3

Nicolyn
Posted on 01-17-12 09:30 PM Link | ID: 3265
Administrator
Goddess of the Apocalypse
Level: 176


Posts: 67/12557
EXP: 73517862
Next: 256664

Since: 01-03-12
From: Boston, MA

Last post: 7 hours
Last view: 3 hours
Nicole BASIC v176.82 ### 2048 bytes free

Ready.
load "POST_67"
Allowing (most) arbitrary HTML is I think one of the "selling points" of this board software, even if it can be a security risk...

The obvious example of what can't be done with BBcode is the entire post layout thing- I mean, you could reimplement everything in some sort of code that gets preprocessed as HTML/CSS, but why bother?

?Syntax Error.

Lili~ ♥
Posted on 01-17-12 09:31 PM Link | ID: 3266
Queen Lesbian of Kafuka
Level: 148


Posts: 153/8412
EXP: 40291210
Next: 87453

Since: 01-06-12

Last post: 987 days
Last view: 951 days
I was thinking of stuff like resizing images on the fly (by using width= or height=). I dunno if that argument applies to links as well, though.


knuck
Posted on 01-17-12 09:33 PM Link | ID: 3267

Paragoomba

Level: 19


Posts: 49/73
EXP: 32590
Next: 3187

Since: 01-03-12

Last post: 2534 days
Last view: 2515 days
Posted by Nicole
Allowing (most) arbitrary HTML is I think one of the "selling points" of this board software, even if it can be a security risk...
I don't think this board software has had any "selling points" since 2007 or so.

Posted by Nicole
The obvious example of what can't be done with BBcode is the entire post layout thing- I mean, you could reimplement everything in some sort of code that gets preprocessed as HTML/CSS, but why bother?
Safety.

As I said in another thread, post layouts should be done with a WYSIWYG editor of sorts, using bb tags, that way a random user can't simple go and make scrolling bugs (like I did with my layout), or break tables, etc. It's also more professional, though that might be irrelevant.

Ailure
Posted on 01-17-12 09:36 PM Link | ID: 3268
Administrator

Buzzy Beetle
Red pandas and stuff
Level: 40


Posts: 86/398
EXP: 415003
Next: 26306

Since: 01-01-12

Last post: 720 days
Last view: 39 days
Posted by Kiyoshi
It is mainly the courtesy, in not pretending the linked content is part of your site.
Honestly that's the first time I heard about that, and to be honest I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It makes sense to create a separate window sometimes, but those are (relatively rare) cornercases.

____________________
AIM: gamefreak1337, MSN: Emil_sim@spray.se, XMPP: ailure@xmpp.kafuka.org, YouTube



knuck
Posted on 01-17-12 09:40 PM Link | ID: 3269

Paragoomba

Level: 19


Posts: 50/73
EXP: 32590
Next: 3187

Since: 01-03-12

Last post: 2534 days
Last view: 2515 days
Posted by Ailure
Honestly that's the first time I heard about that, and to be honest I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.
Same. Also it makes me think before clicking a link, when I suspect it might open in a new tab, I just middle-click it to open on the foreground.

To smartasses: Don't care if there's any config or extension that will change this behavior. Muscle memory for the win.

Kiyoshi
Posted on 01-17-12 09:41 PM Link | ID: 3270
HEY HEY HEY STAY OUTTA MAH SHED
Level: 60


Posts: 242/1016
EXP: 1692331
Next: 80447

Since: 01-02-12

Last post: 2618 days
Last view: 2589 days
In ABXD, <a href> and <embed> are filtered for security. There are [url] and [youtube] for that. I don't see the added value of HTML here.

<img> is not filtered, so you can still set an image width and height.

____________________
I don't give a flying feather

Lili~ ♥
Posted on 01-17-12 09:43 PM (rev. 2 of 01-17-12 09:43 PM by Lili~ ♥) Link | ID: 3271
Queen Lesbian of Kafuka
Level: 148


Posts: 154/8412
EXP: 40291210
Next: 87453

Since: 01-06-12

Last post: 987 days
Last view: 951 days
You lose the possibility of embedding MIDI or similar by filtering <embed> though, so it is kinda a tradeoff.


Arisotura
Posted on 01-17-12 09:43 PM Link | ID: 3273
Developer
there was a girl
Level: 74


Posts: 50/1652
EXP: 3507054
Next: 146490

Since: 01-05-12
From: France

Last post: 189 days
Last view: 174 days
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about <a href> and security? wait what are you saying? ABXD never filtered <a href>...

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Epele
Posted on 01-17-12 09:43 PM Link | ID: 3274
Site Administrator
The Sorceress.
Boing~

Level: 216


Posts: 230/20132
EXP: 149299256
Next: 1225893

Since: 01-01-12
From: UK

Last post: 1 day
Last view: 2 hours
Posted by Kiyoshi
In ABXD, <a href> and <embed> are filtered for security. There are [url] and [youtube] for that. I don't see the added value of HTML here.

<img> is not filtered, so you can still set an image width and height.


Filtering <a> tags makes not much sense considering a good deal of exploits are possible with an <img> tag. :/


The world could always use more heroes!

Kiyoshi
Posted on 01-17-12 09:50 PM Link | ID: 3276
HEY HEY HEY STAY OUTTA MAH SHED
Level: 60


Posts: 243/1016
EXP: 1692331
Next: 80447

Since: 01-02-12

Last post: 2618 days
Last view: 2589 days
Posted by Ailure
Posted by Kiyoshi
It is mainly the courtesy, in not pretending the linked content is part of your site.
I get a little annoyed if every other link opened a new tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It makes sense to create a separate window sometimes, but those are (relatively rare) cornercases.
I get rather annoyed if every link gets opened in the same tab when I don't mean to. I do middle-mouseclick a lot (which open links in new tabs) but I still want it to be up to me what the behavior is.

It hardly makes sense to lose the post you were working on and let your tab be reused sometimes, but those are very rare cornercases.

____________________
I don't give a flying feather

knuck
Posted on 01-17-12 09:50 PM (rev. 3 of 01-17-12 09:51 PM by knuck) Link | ID: 3278

Paragoomba

Level: 19


Posts: 51/73
EXP: 32590
Next: 3187

Since: 01-03-12

Last post: 2534 days
Last view: 2515 days
Posted by Mega-Mario
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about "a href" and security? wait what are you saying? ABXD never filtered "a href"...
That could be replaced by title sub-attributes in the [ url ] tag.
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.
EDIT2: What if it was an img tag? :P

Epele
Posted on 01-17-12 09:53 PM Link | ID: 3279
Site Administrator
The Sorceress.
Boing~

Level: 216


Posts: 233/20132
EXP: 149299256
Next: 1225893

Since: 01-01-12
From: UK

Last post: 1 day
Last view: 2 hours
Posted by knuck
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.


the BB tags are mostly there for those who don't know about html.. or don't realise the board supports it.

Or that's just how I see it.


The world could always use more heroes!

knuck
Posted on 01-17-12 09:55 PM Link | ID: 3280

Paragoomba

Level: 19


Posts: 52/73
EXP: 32590
Next: 3187

Since: 01-03-12

Last post: 2534 days
Last view: 2515 days
Posted by Gywall

the BB tags are mostly there for those who don't know about html.. or don't realise the board supports it.

Or that's just how I see it.
I always saw Acmlmboard as potential real-world software, so for me allowing HTML as a security risk, among other things. Of course, Acmlmboard was coded by Acmlm just "for fun", with no intentions of ever having it as "real-world" software I believe.

Arisotura
Posted on 01-17-12 09:57 PM Link | ID: 3281
Developer
there was a girl
Level: 74


Posts: 51/1652
EXP: 3507054
Next: 146490

Since: 01-05-12
From: France

Last post: 189 days
Last view: 174 days
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes. Let's just not allow anything other than plaintext so that we're not running any risk.

Seriously speaking, I'm all for keeping HTML as much open as we can. An Acmlmboard without HTML isn't an Acmlmboard. It's just yet another boring board software.

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Kiyoshi
Posted on 01-17-12 09:58 PM (rev. 2 of 01-17-12 09:59 PM by Kiyoshi) Link | ID: 3282
HEY HEY HEY STAY OUTTA MAH SHED
Level: 60


Posts: 244/1016
EXP: 1692331
Next: 80447

Since: 01-02-12

Last post: 2618 days
Last view: 2589 days
Posted by knuck
Posted by Mega-Mario
Let your mouse over me

This is one potential advantage of HTML, among others. Also what is so bad about "a href" and security? wait what are you saying? ABXD never filtered "a href"...
That could be replaced by title sub-attributes in the [ url ] tag.
End-users shouldn't be dealing directly with HTML tags. What if it was a link to this?

EDIT: Point is, with a bb tag it's easier to parse the link and disallow malicious actions.
EDIT2: What if it was an img tag? :P
I do remember a link filter though, maybe Kawa or Arisotura can clear up my confusion. I might be just confused with the <embed> tag.

Edit: what you say is very true, Arisotura
Can we go back on topic now?

____________________
I don't give a flying feather

knuck
Posted on 01-17-12 10:01 PM Link | ID: 3283

Paragoomba

Level: 19


Posts: 53/73
EXP: 32590
Next: 3187

Since: 01-03-12

Last post: 2534 days
Last view: 2515 days
Posted by Mega-Mario
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes.
You clearly know nothing about compilers and parsing. You should really refrain from talking about technical stuff you know nothing about.

Posted by Mega-Mario
Let's just not allow anything other than plaintext so that we're not running any risk.
:lol:

Posted by Mega-Mario
Seriously speaking, I'm all for keeping HTML as much open as we can. An Acmlmboard without HTML isn't an Acmlmboard. It's just yet another boring board software.
What if we have bb codes for all the needed HTML? Woul you still want "FULL HTML SUPPORT"? It sounds like someone is looking for exploits... ;)

Arisotura
Posted on 01-17-12 10:08 PM Link | ID: 3284
Developer
there was a girl
Level: 74


Posts: 52/1652
EXP: 3507054
Next: 146490

Since: 01-05-12
From: France

Last post: 189 days
Last view: 174 days
Posted by knuck
Posted by Mega-Mario
Okay, let's just go and nuke one of the great features unique to Acmlmboard for added security. Oh wait, users would find ways to hax the bbcodes.
You clearly know nothing about compilers and parsing. You should really refrain from talking about technical stuff you know nothing about.

YOU do not know me enough to say that kind of stuff. I know what I'm talking about. I have been coding for ABXD since a good while now, in case you don't know.

Also, I don't want 'full' HTML support. I said 'as much as open as we can', which doesn't mean 'full' but 'keep the most features possible while blocking out dangerous stuff'.

Besides, cookie stealing on the AB2 branch is a loss of time unless you know the AES256 key that is used to encrypt them (or atleast that's how it was done on AB2.0a1, it may have changed since then).

____________________
Kuribo64 - melonDS

want some revolution in your coffee?

Lili~ ♥
Posted on 01-18-12 07:58 AM Link | ID: 3315
Queen Lesbian of Kafuka
Level: 148


Posts: 157/8412
EXP: 40291210
Next: 87453

Since: 01-06-12

Last post: 987 days
Last view: 951 days

this discussion



Seriously, why can't you just leave everything as it is? After all, it's long been any sysadmin's mantra to never change a running system, and that for a good reason. It works, and that's the most important thing.


knuck
Posted on 01-18-12 09:08 AM Link | ID: 3318

Paragoomba

Level: 19


Posts: 54/73
EXP: 32590
Next: 3187

Since: 01-03-12

Last post: 2534 days
Last view: 2515 days
Posted by Liliana
Seriously, why can't you just leave everything as it is? After all, it's long been any sysadmin's mantra to never change a running system, and that for a good reason. It works, and that's the most important thing.
To be honest, that's an horrible example in this situation. But whatever either way, it's important to be able to use > and < I guess.

Kawa
Posted on 01-18-12 05:26 PM Link | ID: 3343
Retired Staff

Not okay
Prophet of Celestia
Level: 87


Posts: 172/2423
EXP: 6233876
Next: 158898

Since: 01-01-12
From: The Netherlands

Last post: 262 days
Last view: 16 days
Gentlemen?

How about a setting?

Allow <a href>, but only make external links open in a new tab as per the user's settings?

Also, HTML > BBCode, but that's just my opinion and you don't need to share it.

Pages: 1 2 3


Next newer thread | Next older thread
Main - AcmlmBoard II Software/Bug Report Forum - Netiquette (link behaviour) (2)


Acmlmboard v2.5.4 (03/13/2019)
© 2005-2019 Acmlm, Emuz, et al.

Page rendered in 0.119 seconds. (677KB of memory used)
MySQL - queries: 214, rows: 611/644, time: 0.058 seconds.