Viewing comments on ndke's profile Offline
ndke

Name: Niels
Age: 26
Location: Belgium

Description:
A guy who really likes to create music and to be creative. Also a programmer from time to time.

My soundcloud: https://soundcloud.com/imnobodyhere


Registered: 31 August 2016

View User's Forum Profile
Comments

I'm also adding the YoYo Games archive script to GitHub now.

I fixed the "Direct access files issue" using if (!defined('indiemendable')) statements, just need to commit the files on GitHub now. :)

I have no idea why the Simple Machines forums' MySQL databases keep crashing, I just kept importing the backup .sql files, because letting MariaDB repairing always fails (previously I had the same problem with Oracle MySQL), but that makes the forums unusable for getting help with programming.

Hello Niels, I'm going to look at the issue you posted on GitHub this afternoon and commit lots of stuff from earlier afternoons I didn't commit yet. :)

I'm also working on this thing for use in class rooms for learning basic programming. I built a very basic GML interpreter for it, but it isn't working yet. http://reevaluate.mooo.com/

You should add an attribute whitelist too, so you can't mess with giant width & height and the style attribute. Then it should be safe I think.

Actually this part of the website doesn't use BBCode (which actually doesn't allow HTML, but it's also got more extra features like marquees, colors, background colors, etc.), but Markdown, very similar to this: http://meta.stackexchange.com/questions/1777/what-html-tags-are-allowed-on-stack-exchange-sites

I agree with your opinion on iframe, so now it's not there anymore, now I'm using the Stack Overflow website's same allowed HTML tags.

Reguler users are never going to use HTML tags and are used to BBCode. By the way, don't allow iframe, you can do bad things and potentially break out the iframe and inject code with some javascript.

Actually, it is better to completely disallow HTML tags and force users to use BBCode. There is no "nice" fix because you can always add attributes to an HTML tag. I find that if you allow such CSS tricks, it can annoy other users and it's actually a bit of a security vulnerability.

I don't know how to fix the position: fixed; CSS thing at the moment though. Could you remove it from your description for now maybe? It's a bit distracting. :D

Wikipedia does allow style="position: fixed" on their user pages by the way, so maybe it'd be nice to make it available here too. :)

I fixed most of the script tag things by using the strip_tags function. These are the tags I allow at the moment. Any suggestions?

//Constants
define('ALLOWED_TAGS','<div><span><pre><p><br><hr><hgroup><h1><h2><h3><h4><h5><h6><ul><ol><li><dl><dt><dd><strong><em><b><i><u><img><a><abbr><address><blockquote><area><audio><video><form><fieldset><label><input><textarea><caption><table><tbody><td><tfoot><th><thead><tr><iframe>',true);

A code block in the comments is defined by a so called tilde fence (a line filled with ~, before and after the code) from Markdown by the way. ;)

Dansende img tags ftw

WOW ik moet dit snel oplossen. Ik wordt er duizelig van. xDD

Haha! I need to put a restriction on <script> too now I see. xD

NOTE: To report a comment, you need to be logged in.