Paul, You may (or may not!) remember that I had a parse problem on my toplist when editing a link or category - it shows merely the html. The toplist I have is:
<!-- BEGIN TOPLIST 80 --> <CONFIG>links,rand(),1,ascending,banner != '',,,0,0,0,0,0,0,,0</CONFIG> {LINKBANNER} <!-- END TOPLIST 80 -->
The data in LINKBANNER is html (by necessity). This works correctly on all other pages. I can't remember which version this problem started, possibly 4.1 series.
Up until now that never cause a real problem so I basically ignored it!
However, I am now working on a site where it is causing a problem in that the toplist is pushed out of the usual alignment and pushing everything else out. When I edit a link the form does not show properly, see attachment, and the form is impossible to fill in.
On the 'edit' page, I suppose HTML has to be shown unparsed so that you're able to edit it if it happens to be one of the things on the page you're editing.
At any rate, I always recommend against using HTML in field values. If you're typing it yourself, you can use WSN codes. If the submitter is typing it, then it's best not to make them use either (a banner, for example, should be easily handled by just asking for link and image URLs) but if you have to choose one then WSN codes are safer. If I recall there is some protection from XSS attacks built in even if you allow HTML, but there may be other sorts of malicious HTML people could come up with.
0/5
1
2
3
4
5
Sorry, you don't have permission to post posts. Log in, or register if you haven't yet.
Comments on Parse problem on toplist
Expert
Usergroup: Customer
Joined: Aug 19, 2005
Location: England
Total Topics: 391
Total Comments: 1303
Paul, You may (or may not!) remember that I had a parse problem on my toplist when editing a link or category - it shows merely the html. The toplist I have is:
The data in LINKBANNER is html (by necessity). This works correctly on all other pages. I can't remember which version this problem started, possibly 4.1 series.
Up until now that never cause a real problem so I basically ignored it!
However, I am now working on a site where it is causing a problem in that the toplist is pushed out of the usual alignment and pushing everything else out. When I edit a link the form does not show properly, see attachment, and the form is impossible to fill in.
Any ideas?
Attached Files:
Expert
Usergroup: Customer
Joined: Aug 19, 2005
Location: England
Total Topics: 391
Total Comments: 1303
Well I've done a fix so that I can edit ok by putting a width in the div, so although it hasn't solved the parse problem it has enabled me to edit!
If this is a needle in the haystack job don't worry too much as it is not a problem with my div width.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
On the 'edit' page, I suppose HTML has to be shown unparsed so that you're able to edit it if it happens to be one of the things on the page you're editing.
At any rate, I always recommend against using HTML in field values. If you're typing it yourself, you can use WSN codes. If the submitter is typing it, then it's best not to make them use either (a banner, for example, should be easily handled by just asking for link and image URLs) but if you have to choose one then WSN codes are safer. If I recall there is some protection from XSS attacks built in even if you allow HTML, but there may be other sorts of malicious HTML people could come up with.