MyBB Community Forums

Full Version: Is it bad to edit templates
Pavemen, I am not sure what you mean...

http://www.2007rs.net/calculators/magic.php

Just view the source. All of that is what is so big.
Simplest solution: move all the JS that is part of /* Load the user's XP when the user has entered a RuneScape name */, all the way to the end of the script tag (after the preloaded images), into a file and then simply link that file in the head.
Will that make the page load faster?
Yes, after the first time. On the first call they need to make another HTTP request to the JS file, but if you set up your server cache settings properly it won't be downloaded until the user clears his own cache or the cache expires.
(2013-03-20, 09:46 PM)Jambuster Wrote: You're inserting raw HTML and JavaScript directly into it, of course that's a security issue. You're open to SQL injection. MyBB sanitizes HTML etc. that's entered into the database.

Ok... You have no idea what you are talking about really. Inserting JavaScript into a database isn't going to do orange. As long as the characters are escaped first, or URL-encoded. If the OP is editing templates within the MyBB editor, this will be done. There is NO problem having JavaScript or "raw HTML" (whatever that is? Can you get cooked HTML? I think not) in a database. Now, there is a problem with taking user (as in, end user, not the OP) input and placing that directly into the database (without sanitization).

However, I could construct a perfectly valid 150k-character table, include some fancy JavaScript and paste all of that into the template editor. It would be fine.
(2013-03-21, 09:03 PM)Tom K. Wrote:
(2013-03-20, 09:46 PM)Jambuster Wrote: You're inserting raw HTML and JavaScript directly into it, of course that's a security issue. You're open to SQL injection. MyBB sanitizes HTML etc. that's entered into the database.

Ok... You have no idea what you are talking about really. Inserting JavaScript into a database isn't going to do orange. As long as the characters are escaped first, or URL-encoded. If the OP is editing templates within the MyBB editor, this will be done. There is NO problem having JavaScript or "raw HTML" (whatever that is? Can you get cooked HTML? I think not) in a database. Now, there is a problem with taking user (as in, end user, not the OP) input and placing that directly into the database (without sanitization).

However, I could construct a perfectly valid 150k-character table, include some fancy JavaScript and paste all of that into the template editor. It would be fine.

If you actually took the time to read what I was saying, it would have saved you writing that utter skitter.

1. I was simply telling Pavemen that it was not HTML only, it was a mixture of JavaScript and HTML that was being inserted.

2. He's not escaping the characters because he's inserting it directly into the database: "HE'S NOT USING AN EDITOR SO IT'S NOT ESCAPING".

3. This is exactly what is happening >>>>>> "Now, there is a problem with taking user (as in, end user, not the OP) input and placing that directly into the database (without sanitization)."

So I do know what I'm talking about. You're replying with pure skitter and obviously don't have a clue what the script is doing.

PS: What I mean by "raw HTML" is unescaped characters, etc.
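As an added example (not code from this thread or from MyBB), the two patterns the argument above is about: end-user input spliced straight into an INSERT, as Jambuster describes, beside the parameterised insert and output escaping that "escaped first" amounts to in Tom K.'s reply. The table and column names (xp_cache, rs_name, xp) and the sample data are assumptions.

```php
<?php
// Added example, not code from the thread or from MyBB. Two ways the
// calculator could write a RuneScape name into the database: the raw
// concatenation Jambuster objects to, and the parameterised insert that
// "escaped first" amounts to. Table and column names (xp_cache, rs_name,
// xp) and the sample data are assumptions.

function store_xp_raw(PDO $db, string $name, int $xp): void {
    // VULNERABLE: end-user input spliced straight into the SQL text.
    // Any quote in $name ends the string literal and the rest of the
    // name is parsed as SQL, so the statement breaks (or does something else).
    $db->exec("INSERT INTO xp_cache (rs_name, xp) VALUES ('$name', $xp)");
}

function store_xp_safe(PDO $db, string $name, int $xp): void {
    // Parameterised: the value travels separately from the statement, so
    // the database never parses the name as SQL. Storing HTML or JavaScript
    // this way is harmless by itself, which is Tom K.'s point.
    $stmt = $db->prepare("INSERT INTO xp_cache (rs_name, xp) VALUES (:name, :xp)");
    $stmt->execute([':name' => $name, ':xp' => $xp]);
}

function render_row(string $name, int $xp): string {
    // The other half: when the stored value is echoed back into the page,
    // escape it for HTML; otherwise a name containing <script> would run.
    return '<tr><td>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . "</td><td>$xp</td></tr>";
}

// Demo with an in-memory SQLite database (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE xp_cache (rs_name TEXT, xp INTEGER)");

$name = "O'Brien";            // a legitimate name that happens to contain a quote
store_xp_safe($db, $name, 1337);
try {
    store_xp_raw($db, $name, 1337);
} catch (PDOException $e) {
    // The quote ended the string literal early and SQLite rejected the rest.
    echo "raw insert failed: " . $e->getMessage() . "\n";
}
foreach ($db->query("SELECT rs_name, xp FROM xp_cache") as $row) {
    echo render_row($row['rs_name'], (int) $row['xp']) . "\n";
}
echo render_row("<script>alert(1)</script>", 0) . "\n";  // shown as text, not executed
```

The same distinction applies to a template pasted into the MyBB editor: the content can contain whatever markup it likes, as long as it reaches the database through a prepared statement or properly escaped string rather than raw concatenation.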
(2013-03-21, 09:03 PM)Tom K. Wrote:
(2013-03-20, 09:46 PM)Jambuster Wrote: You're inserting raw HTML and JavaScript directly into it, of course that's a security issue. You're open to SQL injection. MyBB sanitizes HTML etc. that's entered into the database.

Ok... You have no idea what you are talking about really. Inserting JavaScript into a database isn't going to do orange. As long as the characters are escaped first, or URL-encoded. If the OP is editing templates within the MyBB editor, this will be done. There is NO problem having JavaScript or "raw HTML" (whatever that is? Can you get cooked HTML? I think not) in a database. Now, there is a problem with taking user (as in, end user, not the OP) input and placing that directly into the database (without sanitization).

However, I could construct a perfectly valid 150k-character table, include some fancy JavaScript and paste all of that into the template editor. It would be fine.

don't feed the troll