Webmastersite.net
Register Log In

Parse problem on toplist

Comments on Parse problem on toplist

babrees
Expert

Usergroup: Customer
Joined: Aug 19, 2005
Location: England

Total Topics: 391
Total Comments: 1303
babrees
Posted Apr 04, 2008 - 11:08 AM:

Paul, You may (or may not!) remember that I had a parse problem on my toplist when editing a link or category - it shows merely the html. The toplist I have is:

<!-- BEGIN TOPLIST 80 -->
<CONFIG>links,rand(),1,ascending,banner != '',,,0,0,0,0,0,0,,0</CONFIG>
{LINKBANNER}
<!-- END TOPLIST 80 -->


The data in LINKBANNER is html (by necessity). This works correctly on all other pages. I can't remember which version this problem started, possibly 4.1 series.

Up until now that never cause a real problem so I basically ignored it!

However, I am now working on a site where it is causing a problem in that the toplist is pushed out of the usual alignment and pushing everything else out. When I edit a link the form does not show properly, see attachment, and the form is impossible to fill in.

Any ideas?

Attached Files:
babrees
Expert

Usergroup: Customer
Joined: Aug 19, 2005
Location: England

Total Topics: 391
Total Comments: 1303
babrees
Posted Apr 04, 2008 - 12:42 PM:

Well I've done a fix so that I can edit ok by putting a width in the div, so although it hasn't solved the parse problem it has enabled me to edit!

If this is a needle in the haystack job don't worry too much as it is not a problem with my div width.
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Apr 04, 2008 - 9:49 PM:

On the 'edit' page, I suppose HTML has to be shown unparsed so that you're able to edit it if it happens to be one of the things on the page you're editing.

At any rate, I always recommend against using HTML in field values. If you're typing it yourself, you can use WSN codes. If the submitter is typing it, then it's best not to make them use either (a banner, for example, should be easily handled by just asking for link and image URLs) but if you have to choose one then WSN codes are safer. If I recall there is some protection from XSS attacks built in even if you allow HTML, but there may be other sorts of malicious HTML people could come up with.
Search thread for
Download thread as
  • 0/5
  • 1
  • 2
  • 3
  • 4
  • 5



Sorry, you don't have permission to post posts. Log in, or register if you haven't yet.