luckylace222 Site Helper
Joined: 05 May 2007 Posts: 1545 Location: Baby Fishy
Posted: Mon Jan 16, 2012 4:34 pm Post subject: Comments Moved to Right
After commenting on a new user's page, my comment was moved snugly to the right. Is there a reason for this format? Everyone else's comment format is the same, just not this one.
http://img193.imageshack.us/img193/3012/74727551.png
_________________
“Far better is it to dare mighty things, to win glorious triumphs, even though checked by failure...than to rank with those poor spirits who neither enjoy much nor suffer much, because they live in a gray twilight that knows not victory nor defeat.” ~Theodore Roosevelt

cstdenis Evil Overlord
Joined: 31 Dec 1969 Posts: 6490 Location: In the tubes.
Posted: Mon Jan 16, 2012 5:35 pm
Bad HTML in the blog post is breaking the layout.
_________________
You will obey or molten silver will be poured into your ears.

Stratadrake Elder Than Dirt
Joined: 05 May 2004 Posts: 13710 Location: Moo
Posted: Mon Jan 16, 2012 8:00 pm
Wow. How did that happen ... and how do we prevent it? (Better bbCode parsing for one, but still.)
Aha. This is using an external blog feed, and the excerpt processing cut it off right in the middle of an HTML tag -- mid-CSS in fact:
[code:1]<!-- Box Blog Start -->
<div class="box"><div class='boxheader' style='clear:both'>Blog (<i><a href=http://luphasiadrama.blogspot.com/>More</a></i>)</div>
<div class="boxbody">
<div class="separator" style="clear: both; text-align: center;"><img border="0" height="400" width="343" src="http://1.bp.blogspot.com/-yPp-RvH900U/Tp7vcoiaV8I/AAAAAAAACWU/x7bs_azjxOg/s400/TKQfe.jpg" /></div><br /><br /><span style="color: rgb(175, 238, 238);"><blockquote><img src="http://dl6.glitter-graphics.net/pub/440/440576q8wrax7se2.gif" width=13 height=12 border=0> Description: Track 5<br /><img src="http://dl6.glitter-graphics.net/pub/440/440576q8wrax7se2.gif" width=13 height=12 border=0> Album : THE BOYS<br /><img src="http://dl6.glitter-graphics.net/pub/440/440576q8wrax7se2.gif" width=13 height=12 border=0> Vocal : Girl's Generation (소녀시대)</blockquote></span><br /><br /><center><div style="overflow:auto;width:450px;height:500px;padding:0px;border:1px dashed #8FD6F2"><table border="0" width="420"><tbody><tr bgcolor="#81D7F4"><td align="center">Romanization</td><td align="center">Hangul</td><tr align="left"><td align="right"><span style="color: rgb(255, 153, 204);font-si </div>
</div>
<!-- Box Blog End -->[/code:1]
This bug can be isolated to /feed.php.inc, line 36, where it uses a plain substr() to chop the article text off at a certain point without regard for HTML or CSS validity.
Damn . . . this is NOT going to be an easy fix.
_________________
Strata here: [url=http://www.nanowrimo.org/eng/user/242293]Nanowrimo[/url] - [url=www.fanart-central.net/user-Stratadrake.php]FAC[/url] - [url=http://stratadrake.deviantart.com]dA[/url] - [url=www.furaffinity.net/user/Stratadrake/]FA[/url]
Disclaimer: Posts may contain URLs. Click [url=http://tvtropes.org/pmwiki/pmwiki.php/Main/TVTropesWillRuinYourLife]at your own risk.[/url]

cstdenis Evil Overlord
Joined: 31 Dec 1969 Posts: 6490 Location: In the tubes.
Posted: Mon Jan 16, 2012 9:24 pm
Doing a clean substring on a block of html code is never going to be easy....
I think there is also the potentially serious problem that these blog feeds can be a serious security problem in terms of XSS/XSRF/JS injection.
New site version does not implement this feature (just local blogs). I think for security reasons, it may be necessary to keep it that way -- just link to the external blog instead.
There are ways to work around it somewhat, but they of course come with their own issues and are not necessarily perfect.
http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier
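
An added example, not part of the thread or the site's code, covering the two problems raised above: the plain substr() cut that ends mid-tag, and the injection risk of echoing external feed HTML. The hypothetical helper `safe_excerpt()` (PHP with the mbstring extension assumed) re-emits only allowlisted tags without attributes, escapes all text, and spends the length budget on visible characters only, so the excerpt always comes out balanced.

```php
<?php
// Added illustration; safe_excerpt() is a hypothetical helper, not the
// site's feed.php.inc code. Assumes the mbstring extension is loaded.
function safe_excerpt(string $html, int $maxChars,
    array $allowed = ['b', 'i', 'em', 'strong', 'p', 'blockquote']): string
{
    // Remove script/style elements together with their contents.
    $html = preg_replace('#<(script|style)\b[^>]*>.*?</\1\s*>#is', '', $html) ?? '';
    // Split into tag tokens and text tokens (the capture group keeps the tags).
    $tokens = preg_split('#(<[^<>]*>)#', $html, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) ?: [];
    $out = '';
    $open = [];                  // stack of allowlisted tags currently open
    $left = max(0, $maxChars);   // budget counts visible characters, never markup
    foreach ($tokens as $tok) {
        if ($tok[0] === '<' && substr($tok, -1) === '>') {
            // Tag token: re-emit only allowlisted names, always without
            // attributes, so style=, on*= and href= never reach the page.
            if (!preg_match('#^<(/?)([a-z][a-z0-9]*)(?=[\s/>])#i', $tok, $m)) continue;
            $name = strtolower($m[2]);
            if (!in_array($name, $allowed, true)) continue;
            if ($m[1] === '') {
                $out .= "<$name>";
                $open[] = $name;
            } elseif (in_array($name, $open, true)) {
                do {             // also close anything opened after it
                    $top = array_pop($open);
                    $out .= "</$top>";
                } while ($top !== $name);
            }
            continue;
        }
        // Text token: drop a dangling "<tag ..." fragment left by an earlier
        // byte-level cut, then decode, truncate and re-escape.
        $tok  = preg_replace('#<[^<>]*$#', '', $tok) ?? '';
        $text = html_entity_decode($tok, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $cut  = mb_substr($text, 0, $left, 'UTF-8');
        $out .= htmlspecialchars($cut, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $left -= mb_strlen($cut, 'UTF-8');
        if ($left <= 0) break;
    }
    while ($open) {              // close whatever is still open, innermost first
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}
// Constructed input modelled on the broken excerpt quoted in the thread.
$feed = '<div style="clear:both"><blockquote>Album : <b onclick="x()">THE BOYS</b><script>alert(1)</script></blockquote><table><tr><td><span style="color: rgb(255, 153, 204);font-si';
echo safe_excerpt($feed, 12), "\n";
```

Because the output is built only from bare allowlisted tags and escaped text, nothing from the feed's own markup is copied through verbatim. Feeds that need richer markup (links, images) call for a maintained sanitizer such as HTML Purifier, which the CHtmlPurifier class linked above wraps.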

Stratadrake Elder Than Dirt
Joined: 05 May 2004 Posts: 13710 Location: Moo
Posted: Tue Jan 17, 2012 8:00 am
So what do we do? You're right, this has serious potential for HTML abuse.

cstdenis Evil Overlord
Joined: 31 Dec 1969 Posts: 6490 Location: In the tubes.
Posted: Tue Jan 17, 2012 12:37 pm
Short term -- probably nothing, unless it starts to get abused.
Long term -- drop the blog feed feature.

Stratadrake Elder Than Dirt
Joined: 05 May 2004 Posts: 13710 Location: Moo
Posted: Tue Jan 17, 2012 7:40 pm
In other words, give it a kill switch. Can do.