(2013-03-20, 10:54 PM)Jambuster Wrote: [ -> ]You literally told the OP that you DONT KNOW if its safe or not at the end of your post. Its you that needs to educate yourself before you come on blabbering gibberish.
He's using a template that contains javascript. The html has user input, which if not sanitized is open to sql injection.
Don't come on here mouthing off on something you are obviously oblivious to.
Forgot I'm one of the better designers/coders available for MyBB and I don't know what I'm talking about.
But you are incorrect. Have you not noticed that every single template is "raw html and javascript"? That's kind of what they're for...
if there any dynamic content in the html? are you just using the template system for the header and footer and then hoping to push your own data in between?
(2013-03-20, 11:07 PM)Johnny S Wrote: [ -> ] (2013-03-20, 10:54 PM)Jambuster Wrote: [ -> ]You literally told the OP that you DONT KNOW if its safe or not at the end of your post. Its you that needs to educate yourself before you come on blabbering gibberish.
He's using a template that contains javascript. The html has user input, which if not sanitized is open to sql injection.
Don't come on here mouthing off on something you are obviously oblivious to.
The whole table structure (<table><tr><td>Content</td></tr></table> is html only (with javascript) and those inputs aren't even connected to forum db.His html code has huge amount of lines and after saving the pasted content in template half of the pasted content is gone.His question would be "is there any way to increase character limit in forum templates so that he can paste his html content inside without automatic erasing half of the pasted content after the template is saved".
No connected to his forum database ? I think all you guys are missing this part. He INSERTING all this data into a database table, directly, html and javascript.
(2013-03-20, 11:12 PM)Jambuster Wrote: [ -> ] (2013-03-20, 11:07 PM)Johnny S Wrote: [ -> ] (2013-03-20, 10:54 PM)Jambuster Wrote: [ -> ]You literally told the OP that you DONT KNOW if its safe or not at the end of your post. Its you that needs to educate yourself before you come on blabbering gibberish.
He's using a template that contains javascript. The html has user input, which if not sanitized is open to sql injection.
Don't come on here mouthing off on something you are obviously oblivious to.
The whole table structure (<table><tr><td>Content</td></tr></table> is html only (with javascript) and those inputs aren't even connected to forum db.His html code has huge amount of lines and after saving the pasted content in template half of the pasted content is gone.His question would be "is there any way to increase character limit in forum templates so that he can paste his html content inside without automatic erasing half of the pasted content after the template is saved".
No connected to his forum database ? I think all you guys are missing this part. He INSERTING all this data into a database table, directly, html and javascript.
So if I add a <br /> to my forum header, is it not directly being inserted into a database table? srsly?
(2013-03-20, 11:12 PM)Jambuster Wrote: [ -> ]No connected to his forum database ? I think all you guys are missing this part. He INSERTING all this data into a database table, directly, html and javascript.
i think you are missing how these things work.
if the data he is trying to push into the template is not based on user input and it is simply static HTML, then there is no sanitation issue as long as what the OP puts in is safe to start with.
(2013-03-20, 11:09 PM)Jason L. Wrote: [ -> ] (2013-03-20, 10:54 PM)Jambuster Wrote: [ -> ]You literally told the OP that you DONT KNOW if its safe or not at the end of your post. Its you that needs to educate yourself before you come on blabbering gibberish.
He's using a template that contains javascript. The html has user input, which if not sanitized is open to sql injection.
Don't come on here mouthing off on something you are obviously oblivious to.
Forgot I'm one of the better designers/coders available for MyBB and I don't know what I'm talking about.
But you are incorrect. Have you not noticed that every single template is "raw html and javascript"? That's kind of what they're for...
Lmao, jason. Your the designer that developing themes in 2013 using tables pfttt lol.
Im not even gonna explain what i mean by "raw", you seem to be a little dumb struck at the moment lol.
(2013-03-20, 11:16 PM)Jambuster Wrote: [ -> ]Lmao, jason. Your the designer that developing themes in 2013 using tables pfttt lol.
Im not even gonna explain what i mean by "raw", you seem to be a little dumb struck at the moment lol.
there is absolutely nothing wrong with tables for tabular data, even in 2013. now tables for general layout is old school
(2013-03-20, 11:16 PM)pavemen Wrote: [ -> ] (2013-03-20, 11:12 PM)Jambuster Wrote: [ -> ]No connected to his forum database ? I think all you guys are missing this part. He INSERTING all this data into a database table, directly, html and javascript.
i think you are missing how these things work.
if the data he is trying to push into the template is not based on user input and it is simply static HTML, then there is no sanitation issue as long as what the OP puts in is safe to start with.
It is based on user input, how many times do I need to point this out lol. And theres tons of javascript too, its not just html
(2013-03-20, 11:17 PM)pavemen Wrote: [ -> ] (2013-03-20, 11:16 PM)Jambuster Wrote: [ -> ]Lmao, jason. Your the designer that developing themes in 2013 using tables pfttt lol.
Im not even gonna explain what i mean by "raw", you seem to be a little dumb struck at the moment lol.
there is absolutely nothing wrong with tables for tabular data, even in 2013. now tables for general layout is old school
Yes for data, but not entire layouts. Thats just prehistoric stuff lol
(2013-03-20, 11:16 PM)Jambuster Wrote: [ -> ] (2013-03-20, 11:09 PM)Jason L. Wrote: [ -> ] (2013-03-20, 10:54 PM)Jambuster Wrote: [ -> ]You literally told the OP that you DONT KNOW if its safe or not at the end of your post. Its you that needs to educate yourself before you come on blabbering gibberish.
He's using a template that contains javascript. The html has user input, which if not sanitized is open to sql injection.
Don't come on here mouthing off on something you are obviously oblivious to.
Forgot I'm one of the better designers/coders available for MyBB and I don't know what I'm talking about.
But you are incorrect. Have you not noticed that every single template is "raw html and javascript"? That's kind of what they're for...
Lmao, jason. Your the designer that developing themes in 2013 using tables pfttt lol.
Im not even gonna explain what i mean by "raw", you seem to be a little dumb struck at the moment lol.
Do you even know what you're saying? There's maybe 3 themes that don't use tables available for MyBB. There is nothing wrong with tables and they are not depreceated, so I'm not really sure what you're talking about.
The MyBB community has generated such a negative connotation to the table code.
In case you didn't know, vBulletin and IPB both use tables.
Also, facebook and twitter too use tables for layout..two of the biggest sites in the world. weird huh?