PerlMonks  

Re^5: BBCode Parser in Perl

by tinita (Parson)
on Feb 08, 2011 at 11:53 UTC (#886933)


in reply to Re^4: BBCode Parser in Perl
in thread BBCode Parser in Perl

It's maybe a good idea if I just allow either proto:// or links starting with a slash. But your example does not do anything in my browsers (Opera and Iceweasel 3).
If I enter 	 (maybe RT did some double escaping to the bug report?) it will be escaped to 	
If I enter tab or carriage return directly, yes, I get <a href="jav    ascript:alert(String.fromCharCode(88,83,83))".
But Opera and Iceweasel do nothing. Maybe my browsers are too new. Are there browsers that interpret that as valid JavaScript? Oh, I guess MSIE could. I never tested it since I don't have Windows here. I think I tested some JavaScript with newlines in it someday, but I guess I didn't expect that it would really still work in MSIE.

Now, was it so difficult to finally tell me?

Update: oh, and by the way, I just looked at your suggested regex:
$var =~ m{\A\w+://|/}i
You'd need to put some parentheses around that after the \A (or repeat the \A before the slash). Otherwise anything that has a slash in it will match.


Re^6: BBCode Parser in Perl
by $h4X4_|=73}{ (Novice) on Feb 09, 2011 at 00:00 UTC
    update: oh, and by the way, I just looked at your suggested regex: $var =~ m{\A\w+://|/}i you'd need to put some parentheses around that after the \A (or repeat the \A before the slash). otherwise anything that has a slash in it will match.

    Whoops. Something like:
    $var =~ m{\A(?:\w+://|/)}i # or $var =~ m{\A\w+://|\A/}i
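An added Perl example (not code from this thread or from AUBBC) that runs the regex quoted in the previous post and the corrected form just above over a few constructed hrefs, including the javascript: strings the thread discusses. The sub names and the sample list are my own; the point it shows is that the unanchored second branch of the original regex accepts any value that merely contains a slash somewhere.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Original form from the thread: '|' has the lowest precedence, so this is
# (\A\w+://) OR (/). The second branch is an unanchored slash that can
# match anywhere in the string.
sub href_ok_buggy {
    my ($href) = @_;
    return $href =~ m{\A\w+://|/}i ? 1 : 0;
}

# Corrected form: the non-capturing group scopes the alternation so \A
# applies to both branches. The value must START with scheme:// or '/'.
sub href_ok_fixed {
    my ($href) = @_;
    return $href =~ m{\A(?:\w+://|/)}i ? 1 : 0;
}

# Constructed sample hrefs (not taken from the bug report in the thread).
my @samples = (
    ['http://example.com/',     'absolute URL, should pass'],
    ['/relative/path',          'site-relative path, should pass'],
    ['javascript:alert(1)',     'no slash at all, both reject'],
    ["jav\tascript:alert(1)",   'tab inside scheme, both reject'],
    ['javascript:alert(1)//',   'slash later on: original form accepts'],
    ['mailto:user@example.com', 'no // after scheme, both reject'],
);

for my $s (@samples) {
    my ($href, $note) = @$s;
    # show control characters visibly instead of printing a raw tab
    (my $shown = $href) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    printf "%-28s buggy=%d fixed=%d  (%s)\n",
        $shown, href_ok_buggy($href), href_ok_fixed($href), $note;
}
```

Only the 'javascript:alert(1)//' row differs between the two columns: the original regex returns 1 for it because of the trailing slash, the grouped regex returns 0.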
Re^6: BBCode Parser in Perl
by $h4X4_|=73}{ (Novice) on Feb 09, 2011 at 11:44 UTC
    Now why did you give me so much crap about my code, when you say you only tested your code's security with "(opera and iceweasel 3)"? You know I can make that hack work with those browsers if I really tried, and I didn't see anything in your POD saying your BBCode was meant for only "(opera and iceweasel 3)" since they may be a more secure browser.

    Like I've been saying this whole time! I made AUBBC because I tried to contact a past BBCode author; when I didn't get a response I decided to make my own, mainly because I thought I could do a better job and I know XSS security. The reason why I wanted to contact the BBCode author was because their code was insecure and may still be!
    Whoever does not believe me can use the other guy's crap; trust me, it will not hurt my feelings if you do!

    But don't forget who made AUBBC. =-)
