MyBB Community Forums

(2016-01-23, 11:31 AM)Blackbeard Wrote: [ -> ]can someone post a preview please? main post image doesn't work.

If you want to see in use pm me. You can also resize the frame.

no need, thanks. Looks very nice!

Removed post?

^ not sure if the code is still valid - at present it is available through archive.org capture

A small update

Title

spotify

Regular expression

\[spotify=(album|track|playlist)\](.*?)\[/spotify\]

Replacement

<iframe src="https://open.spotify.com/embed/$1/$2" width="300" height="80" frameborder="0" allowtransparency="true" allow="encrypted-media"></iframe>

Examples
[spotify=track]3A9CyZ67l8GR6MRqNThS3s[/spotify]

[spotify=playlist]3cqyIkP2DDmWc5iExmbTld[/spotify]

[spotify=album]4Yv09HhX5L4fvlHHpTZ9UW[/spotify]

Result

interesting tutorial. However, isn't spotify if not logged in, it only shows a preview of the song?

It's only shows 30 seconds even if I logged on Spotify. Is there any update for this?

(2020-04-29, 07:03 PM)Mixy Wrote: [ -> ]A small update

Title

spotify

Regular expression

\[spotify=(album|track|playlist)\](.*?)\[/spotify\]

Replacement

<iframe src="https://open.spotify.com/embed/$1/$2" width="300" height="80" frameborder="0" allowtransparency="true" allow="encrypted-media"></iframe>

Examples
[spotify=track]3A9CyZ67l8GR6MRqNThS3s[/spotify]

[spotify=playlist]3cqyIkP2DDmWc5iExmbTld[/spotify]

[spotify=album]4Yv09HhX5L4fvlHHpTZ9UW[/spotify]

Result

XSS vulnerable. Do not use.

Is there a way to make Mixy's MyCode not be XSS vulnerable?

Would modifying the regex to be:
\[spotify=(album|track|playlist)\]([a-zA-Z0-9-_]+)\[/spotify\] (restricts the second capturing group to only alphanumeric characters, hyphens, and underscores)
be enough to prevent XSS vulnerabilities?