• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

More HTML/FT Shenanigans

ViRGE

ViRGE

Elite Member, Moderator Emeritus
Over in this thread I noticed that Joedrake had a very unusual sig. Now coupled with the previous issues we've had with people giving themselves "special" avatars, it seems like there's some shenanigans going on with HTML and FT. So what's going on mods, is there an exploit in FT that's letting people inject custom HTML in to their posts/avatars? And if so, are you going to be cracking down on abusers until it's fixed?
 
Well, there was an opening for a .NET programmer. Perhaps it is still open? Reel should apply 😛

It is javascript BTW.
 
Originally posted by: Evadman
Well, there was an opening for a .NET programmer. Perhaps it is still open? Reel should apply 😛

It is javascript BTW.
Click to expand...

Heavens no. This is just an input validation exploit. Besides, I like my job! It is completely non-invasive in the form that I did. However, if someone used it in a malicious way, it could allow them to hijack your session. It does need to be fixed. I am told that they have been informed and Jason Clark is usually pretty good at patching these things.
 
Originally posted by: Reel
Originally posted by: Evadman
Well, there was an opening for a .NET programmer. Perhaps it is still open? Reel should apply 😛

It is javascript BTW.
Click to expand...

Heavens no. This is just an input validation exploit. Besides, I like my job! It is completely non-invasive in the form that I did. However, if someone used it in a malicious way, it could allow them to hijack your session. It does need to be fixed. I am told that they have been informed and Jason Clark is usually pretty good at patching these things.
Click to expand...
Ahh, I'm glad to hear they know about it and are doing something about it. The custom sigs are just anoying, but I'm always afraid someone will sneak in a Goastse flash or something similarly rotten, so it's good to hear they're on top of things.🙂
 
Originally posted by: Reel
Heavens no. This is just an input validation exploit. Besides, I like my job! It is completely non-invasive in the form that I did. However, if someone used it in a malicious way, it could allow them to hijack your session. It does need to be fixed. I am told that they have been informed and Jason Clark is usually pretty good at patching these things.
Click to expand...
That is the problem with handling the form validation only on the client side.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top