MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > \<script\>window.location="http://azzz.fileave.com" \<\/script\>
Full Version: \<script\>window.location="http://azzz.fileave.com" \<\/script\>
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

cyclone

2011-03-13, 06:34 PM
<script>window.location="http://azzz.fileave.com" </script>
Hi, why does the above posting does not redirect to http://azzz.fileave.com in MyBB Community Forums, while it DOES redirects to http://azzz.fileave.com in my website that installs the latest MyBB, 1.6.2 ?

Please advice. Thanks.

Lo.

2011-03-13, 06:45 PM
Because HTML isn't enabled in posts, and (from memory but i'm not sure) the script tag is locked down.

Matt

2011-03-13, 06:46 PM
You will have modified something or you'll have non-default code running. HTML is disabled by default but even if it's enabled, it won't parse script tags. Do you have any plugins that allow HTML in posts??

cyclone

2011-03-13, 06:51 PM
My website is http://www.valuebuddies.com
As you can see now, it redirects to http://azzz.fileave.com

How to check which one of my plugins allow HTML in posts ?

Matt

2011-03-13, 07:00 PM
Right, so it happens on the forum index, would have good to have mentioned that before... this is a security vulnerability with the 'Recent Topics' plugin, it doesn't sanitise the thread title, you should report this to the plugin author.

cyclone

2011-03-13, 07:01 PM
Thank you very much, MattRogowski.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > \<script\>window.location="http://azzz.fileave.com" \<\/script\>