vBulletin configuration suggestion

jfriendjfriend Registered Users Posts: 8,097 Major grins
edited September 13, 2008 in Dgrin Forum Support
Why does the dgrin software not allow people to type html tags? I'm not talking about inserting live HTML into a posting. I'm talking about the visible text that shows as HTML tags, but is actually escaped using entities so that no browser thinks they are HTML tags. Thus, when I type <html>, why doesn't vBulletin insert <html> which would show as <html> for viewers, but not be active for browsers.

This seems perfectly doable (from a technlogy point of view) with no risk and I'd be very surprised if vBulletin didn't have this feature somehow. I think we used to be able to type HTML tags a few years ago. The same goes for <script> tags. Why can't I type those and have them escaped with entities just like they would be if I used any other editor worth it's salt?

This is making it a LOT, LOT harder for people to help one another with HTML coding and scripting issues. There's no way to put the exact text into a posting that the person you are helping can just copy/paste into their page.

FYI, the examples above are using a trick I've learned, but most people don't know. If you boldface both the < and > then vBulletin won't strip them and they won't be active either (exactly what you want). But, most people don't know this and it's a lot of extra work when trying to communicate a bunch of code.
--John
HomepagePopular
JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
Always include a link to your site when posting a question

Comments

  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 13, 2008
    Hi John, I have HTML enabled in many forums, including the Support Forums. We don't allow script tags because they can be used maliciously.

    It's not enabled in the Customizing Forum because Allen & Ivar don't want it there, it messes up the ability to post HTML examples.

    Where is there an issue that I'm missing - I'll see what can be done.

    EDIT: I made it so you use HTML examples in the SmugMug Support forum, too.
  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited September 13, 2008
    Andy wrote:
    Hi John, I have HTML enabled in many forums, including the Support Forums. We don't allow script tags because they can be used maliciously.

    Where is there an issue that I'm missing - I'll see what can be done.
    I don't think you understand what I'm asking for. I don't want live HTML or SCRIPT tags. I want the ability to type <script> and have that text show as <script> which requires the software to put in <script> as actual HTML. If I type <a href="...">, I don't want that to be a live tag. I want it to show as that text.

    As far as I know, there is ZERO risk in having <script> in the text which visually shows as <script>, yet allows us to communicate much more clearly when helping people out with scripting issues. I've had to give up on pasting javascript into messages and resort to attachments which might be tolerable for the one person it's destined for, but makes it so pretty much nobody else sees it or learns from it and most people don't even know to do that.

    Do you think this already works in some forums? I've been having both my HTML and my Javascript ripped out of my postings and has made it very frustrating to help people.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 13, 2008
    jfriend wrote:
    Do you think this already works in some forums? I've been having both my HTML and my Javascript ripped out of my postings and has made it very frustrating to help people.
    please go put some html in the Support and customizing forums. It works :D LMK if it doesn't for you. Script tags will not work, we have them blocked on purpose.
  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited September 13, 2008
    Andy wrote:
    please go put some html in the Support and customizing forums. It works :D LMK if it doesn't for you. Script tags will not work, we have them blocked on purpose.

    Why aren't I allowed to type the text <script>? If it's textified by vBulletin, it's not active for any browser (because there is no < or > in the actual text and there is no danger and no risk to anyone.

    I'll see if I can find where all my HTML was destroyed when I posted.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 13, 2008
    jfriend wrote:
    Why aren't I allowed to type the text <script>? If it's textified by vBulletin, it's not active for any browser (because there is no < or > in the actual text and there is no danger and no risk to anyone.

    I'll see if I can find where all my HTML was destroyed when I posted.

    Hi John, we don't allow script tags on the forum anywhere, they can be used in an unsafe manner. I'm really, really sorry :( You can use s*cript instead.

    I'm really sorry, I wish I had a better answer for you, John.
  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited September 13, 2008
    Andy wrote:
    Hi John, we don't allow script tags on the forum anywhere, they can be used in an unsafe manner. I'm really, really sorry :( You can use s*cript instead.

    I'm really sorry, I wish I had a better answer for you, John.
    I'd love for someone to tell me how <script> in the underlying posting (which would visually show as <script>) is unsafe. That sounds like a myth to me.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited September 13, 2008
    Andy wrote:
    LMK if it doesn't for you.

    All HTML was stripped from my postings in this thread. It's in the Pro Sales Support forum.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 13, 2008
    jfriend wrote:
    All HTML was stripped from my postings in this thread. It's in the Pro Sales Support forum.
    moved it to customizing with a redirct. Go and repost your html pls :)
  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited September 13, 2008
    Andy wrote:
    moved it to customizing with a redirct. Go and repost your html pls :)
    The thread is done now. I even tried the HTML inside a the CODE brackets and it was still stripped. I don't understand why textified HTML or SCRIPT can't be allowed. Is there a pointer that explains the risk?
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 13, 2008
    jfriend wrote:
    The thread is done now. I even tried the HTML inside a the CODE brackets and it was still stripped. I don't understand why textified HTML or SCRIPT can't be allowed. Is there a pointer that explains the risk?
    Yeah what I'm saying is, it works now :D

    http://www.dgrin.com/showthread.php?p=920580#post920580

    (i'll delete that soon).

    The pointer is our sorcerers and Baldy. Sorry John!
  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited September 13, 2008
    Andy wrote:
    Yeah what I'm saying is, it works now :D

    http://www.dgrin.com/showthread.php?p=920580#post920580

    (i'll delete that soon).

    The pointer is our sorcerers and Baldy. Sorry John!

    I see that it works in customizing. That's just not where the other person started the thread and I was communicating with him.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 13, 2008
    jfriend wrote:
    I see that it works in customizing. That's just not where the other person started the thread and I was communicating with him.
    Yeah. So I can make it so, in Pro Sales Support - but then Videos and Slideshow won't embed. I'll see....

    Thanks John!
  • denisegoldbergdenisegoldberg Administrators Posts: 14,385 moderator
    edited September 13, 2008
    Andy wrote:
    Yeah what I'm saying is, it works now :D

    http://www.dgrin.com/showthread.php?p=920580#post920580

    (i'll delete that soon).

    The pointer is our sorcerers and Baldy. Sorry John!
    Andy -
    Thank you for that change - and please pass my thanks on to Baldy & the sorcerers. It will be very nice not to need to format HTML in order to paste it in the customization forum.

    --- Denise
  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited September 13, 2008
    Andy -
    Thank you for that change - and please pass my thanks on to Baldy & the sorcerers. It will be very nice not to need to format HTML in order to paste it in the customization forum.

    --- Denise
    cool!
  • jfriendjfriend Registered Users Posts: 8,097 Major grins
    edited September 13, 2008
    Andy wrote:
    Yeah. So I can make it so, in Pro Sales Support - but then Videos and Slideshow won't embed. I'll see....

    Thanks John!

    Thanks. I wasn't aware that embedding videos and slideshows were things people need to do frequently. I would have thought that links are probably better in most cases anyway.
    --John
    HomepagePopular
    JFriend's javascript customizationsSecrets for getting fast answers on Dgrin
    Always include a link to your site when posting a question
  • AllenAllen Registered Users Posts: 10,013 Major grins
    edited September 13, 2008
    Tricks to fool forum. Bold all the <'s
    <html>
    <li>
    <div>

    ********>
    and the s in script
    <script>
    </script>

    Bold the s and it shows.

    <[b]s[/b]cript>

    When pasting html bold all the <'s

    [b]<[/b]div>

    [b]<[/b]li>

    [b]<[/b]a href="...."> [b]<[/b]a>

    Bolded the ['s so the tags would also show.

    It's also safe to bold the : and . in a link so your site won't be found by search engines.

    http[b]:[/b]//mysite[b].[/b]com
    Al - Just a volunteer here having fun
    My Website index | My Blog
Sign In or Register to comment.