The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Posts with invalid HTML corrupting page

View previous topic View next topic Go down

Posts with invalid HTML corrupting page

Post by sfoop on June 29th 2012, 9:53 am

I've noticed that on our forum, which allows HTML in posts, are able to screw up the page with a smiley like this,

><!?

The resulting HTML if I view source is like

><!?</div>

And Firefox, Chrome, and Safari all end up with screwed up layout. Can it be fixed? Really, the > and < should be translated into entities.

sfoop
Forumember

Posts : 33
Reputation : 2
Language : English

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by Guest on June 29th 2012, 11:11 am

Hi!

I'm not sure in your mistake, but I can explain the correct XHTML writing of HTML tags:
This is correct:
Code:
<div class="first_div parent">
<div class="children">
Content 1
</div>
</div>

<div class="second_div parent">
<div class="children">
Content 2
</div>
</div>
but it is the same as:
Code:
<div class="first_div parent"><div class="children">Content 1</div></div><div class="second_div parent"><div class="children">Content 2</div></div>
but for this is difficult to orient on editing it.

The incorrect examples:
Code:
<div class="first_div parent">>
<div class="children">
Content 1
</div>
</div>

<div class="second_div parent">
<div class="children">
Content 2<
</div>
<</div>
So, some signs ">" & "<" will appear as a normal text.

You can post your code here, so I will edit it to the correct form. Wink

Guest
Guest


Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by SLGray on June 30th 2012, 12:09 am

L!: sfoop is talking about a smiley code.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.


SLGray
Administrator
Administrator

Male Posts : 35622
Reputation : 2372
Language : English
Location : United States

http://fmthemes.forumotion.com/

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by Guest on June 30th 2012, 5:46 am

Oh, so sorry... :shy:

Can you post here the message you're posting on your forum?

Guest
Guest


Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by sfoop on June 30th 2012, 7:38 am

Well, the message ends with

Where the hell our postman is ><!?

the output from the forum is:


The following <dl> is the next item in the search results (I searched for the user's posts). However, you can see that the part in red is being ignored by the browser (this is Firefox's source view).

The browsers actually seem to eat everything until the next >. This user used the same smiley in another post and it ate a whole paragraph.

In this post (here at help.motionforum.net) it's fine, which I assume is because HTML is off.

sfoop
Forumember

Posts : 33
Reputation : 2
Language : English

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by SLGray on June 30th 2012, 7:44 am

I do not believe you can use that kind of smiley code on your forum.

Must smiley codes look like this:
Code:
:heart:
I love you


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.


SLGray
Administrator
Administrator

Male Posts : 35622
Reputation : 2372
Language : English
Location : United States

http://fmthemes.forumotion.com/

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by sfoop on June 30th 2012, 7:46 am

This isn't a smiley code, someone is just typing a post. It's a bug in the HTML sanitizer (I assume there is one) when you submit a post.

sfoop
Forumember

Posts : 33
Reputation : 2
Language : English

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by SLGray on June 30th 2012, 7:49 am

So you are saying that someone posted a message with HTML and a specific smiley, and that smiley is causing problems?


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.


SLGray
Administrator
Administrator

Male Posts : 35622
Reputation : 2372
Language : English
Location : United States

http://fmthemes.forumotion.com/

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by sfoop on June 30th 2012, 7:52 am

If someone puts this into their post:

<?

It screws everything up, that's all they have to do.

sfoop
Forumember

Posts : 33
Reputation : 2
Language : English

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by Guest on June 30th 2012, 8:01 am

This is because you activated HTML codes, and the sign ><!? is read by browser as a HTML code. So, or choose another sign wich not contain "<" or ">" or disable your HTML in posts. Wink

Guest
Guest


Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by sfoop on June 30th 2012, 8:08 am

The forum should be escaping (sanitizing) any unused > and < into &lt; and &gt; for safety. If it doesn't support that, I'll turn HTML off.

sfoop
Forumember

Posts : 33
Reputation : 2
Language : English

Back to top Go down

Re: Posts with invalid HTML corrupting page

Post by LGforum on June 30th 2012, 10:04 am

HTML should be turned off for security reasons anyway. HTML in posts still allows style tags, iframe tags, and these forum softwarea are too old to prevent certain HTML 5 tags that could cause issues.
It basically gets rid of script tags and inline event handlers and thinks its safe.

LGforum
Hyperactive

Male Posts : 2254
Reputation : 254
Language : English
Location : UK

http://www.avacweb.com/

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum