vBulletin configuration suggestion

jfriend

Why does the dgrin software not allow people to type html tags? I'm not talking about inserting live HTML into a posting. I'm talking about the visible text that shows as HTML tags, but is actually escaped using entities so that no browser thinks they are HTML tags. Thus, when I type <html>, why doesn't vBulletin insert <html> which would show as <html> for viewers, but not be active for browsers.

This seems perfectly doable (from a technlogy point of view) with no risk and I'd be very surprised if vBulletin didn't have this feature somehow. I think we used to be able to type HTML tags a few years ago. The same goes for <script> tags. Why can't I type those and have them escaped with entities just like they would be if I used any other editor worth it's salt?

This is making it a LOT, LOT harder for people to help one another with HTML coding and scripting issues. There's no way to put the exact text into a posting that the person you are helping can just copy/paste into their page.

FYI, the examples above are using a trick I've learned, but most people don't know. If you boldface both the < and > then vBulletin won't strip them and they won't be active either (exactly what you want). But, most people don't know this and it's a lot of extra work when trying to communicate a bunch of code.

Andy

Hi John, I have HTML enabled in many forums, including the Support Forums. We don't allow script tags because they can be used maliciously.

It's not enabled in the Customizing Forum because Allen & Ivar don't want it there, it messes up the ability to post HTML examples.

Where is there an issue that I'm missing - I'll see what can be done.

EDIT: I made it so you use HTML examples in the SmugMug Support forum, too.

jfriend

Andy wrote:

Hi John, I have HTML enabled in many forums, including the Support Forums. We don't allow script tags because they can be used maliciously.

Where is there an issue that I'm missing - I'll see what can be done.

I don't think you understand what I'm asking for. I don't want live HTML or SCRIPT tags. I want the ability to type <script> and have that text show as <script> which requires the software to put in <script> as actual HTML. If I type <a href="...">, I don't want that to be a live tag. I want it to show as that text.

As far as I know, there is ZERO risk in having <script> in the text which visually shows as <script>, yet allows us to communicate much more clearly when helping people out with scripting issues. I've had to give up on pasting javascript into messages and resort to attachments which might be tolerable for the one person it's destined for, but makes it so pretty much nobody else sees it or learns from it and most people don't even know to do that.

Do you think this already works in some forums? I've been having both my HTML and my Javascript ripped out of my postings and has made it very frustrating to help people.

Andy

jfriend wrote:

Do you think this already works in some forums? I've been having both my HTML and my Javascript ripped out of my postings and has made it very frustrating to help people.

please go put some html in the Support and customizing forums. It works LMK if it doesn't for you. Script tags will not work, we have them blocked on purpose.

jfriend

Andy wrote:

please go put some html in the Support and customizing forums. It works LMK if it doesn't for you. Script tags will not work, we have them blocked on purpose.

Why aren't I allowed to type the text <script>? If it's textified by vBulletin, it's not active for any browser (because there is no < or > in the actual text and there is no danger and no risk to anyone.

I'll see if I can find where all my HTML was destroyed when I posted.

Andy

jfriend wrote:

Why aren't I allowed to type the text <script>? If it's textified by vBulletin, it's not active for any browser (because there is no < or > in the actual text and there is no danger and no risk to anyone.

I'll see if I can find where all my HTML was destroyed when I posted.

Hi John, we don't allow script tags on the forum anywhere, they can be used in an unsafe manner. I'm really, really sorry You can use s*cript instead.

I'm really sorry, I wish I had a better answer for you, John.

jfriend

Andy wrote:

Hi John, we don't allow script tags on the forum anywhere, they can be used in an unsafe manner. I'm really, really sorry You can use s*cript instead.

I'm really sorry, I wish I had a better answer for you, John.

I'd love for someone to tell me how <script> in the underlying posting (which would visually show as <script>) is unsafe. That sounds like a myth to me.

jfriend

Andy wrote:

LMK if it doesn't for you.

All HTML was stripped from my postings in this thread. It's in the Pro Sales Support forum.

Andy

jfriend wrote:

All HTML was stripped from my postings in this thread. It's in the Pro Sales Support forum.

moved it to customizing with a redirct. Go and repost your html pls

jfriend

Andy wrote:

moved it to customizing with a redirct. Go and repost your html pls

The thread is done now. I even tried the HTML inside a the CODE brackets and it was still stripped. I don't understand why textified HTML or SCRIPT can't be allowed. Is there a pointer that explains the risk?

Andy

jfriend wrote:

The thread is done now. I even tried the HTML inside a the CODE brackets and it was still stripped. I don't understand why textified HTML or SCRIPT can't be allowed. Is there a pointer that explains the risk?

Yeah what I'm saying is, it works now

http://www.dgrin.com/showthread.php?p=920580#post920580

(i'll delete that soon).

The pointer is our sorcerers and Baldy. Sorry John!

jfriend

Andy wrote:

Yeah what I'm saying is, it works now

http://www.dgrin.com/showthread.php?p=920580#post920580

(i'll delete that soon).

The pointer is our sorcerers and Baldy. Sorry John!

I see that it works in customizing. That's just not where the other person started the thread and I was communicating with him.

Andy

jfriend wrote:

I see that it works in customizing. That's just not where the other person started the thread and I was communicating with him.

Yeah. So I can make it so, in Pro Sales Support - but then Videos and Slideshow won't embed. I'll see....

Thanks John!

denisegoldberg

Andy wrote:

Yeah what I'm saying is, it works now

http://www.dgrin.com/showthread.php?p=920580#post920580

(i'll delete that soon).

The pointer is our sorcerers and Baldy. Sorry John!

Andy -
Thank you for that change - and please pass my thanks on to Baldy & the sorcerers. It will be very nice not to need to format HTML in order to paste it in the customization forum.

--- Denise

Andy

denisegoldberg wrote:

Andy -
Thank you for that change - and please pass my thanks on to Baldy & the sorcerers. It will be very nice not to need to format HTML in order to paste it in the customization forum.

--- Denise

cool!

jfriend

Andy wrote:

Yeah. So I can make it so, in Pro Sales Support - but then Videos and Slideshow won't embed. I'll see....

Thanks John!

Thanks. I wasn't aware that embedding videos and slideshows were things people need to do frequently. I would have thought that links are probably better in most cases anyway.

Allen

Tricks to fool forum. Bold all the <'s
<html>
<li>
<div>

********>
and the s in script
<script>
</script>

Bold the s and it shows.

<[b]s[/b]cript>

When pasting html bold all the <'s

[b]<[/b]div>

[b]<[/b]li>

[b]<[/b]a href="...."> [b]<[/b]a>

Bolded the ['s so the tags would also show.

It's also safe to bold the : and . in a link so your site won't be found by search engines.

http[b]:[/b]//mysite[b].[/b]com