MyBB Community Forums
creating a custom mycode for an anchor tag - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: General Support (https://community.mybb.com/forum-176.html)
+--- Thread: creating a custom mycode for an anchor tag (/thread-206353.html)



creating a custom mycode for an anchor tag - metulburr - 2016-12-02

I am trying to make an anchor html tag. So people can make a tag, and link other people to the point on the post, instead of the alternative to just give post ID. However it doesnt seem to be working

regex:
\[anchor=(.*?)\](.*?)\[/anchor\]

replacement:
<a href="#$1">$2</a>
and usage:
[anchor=custom_anchor]test[/anchor]

it adds #custom_anchor to the link, but it does not move to that position.


RE: creating a custom mycode for an anchor tag - Lunorian - 2016-12-02

Hi there. From what I understand you would like to add a tag to your MyBB Forum that allows you to make in post links. I noticed you didn't add a div for it to link to. To fix this please use the following values for your MyCode.

Regex:
\[anchor=(.*?)\](.*?)\[/anchor\]

Replacement:
<div id="$1"><a href="#$1">$2</a></div>

Afterwards it'll drop down whatever the linked anchor text is. Please let us know if you have any further questions Smile


RE: creating a custom mycode for an anchor tag - metulburr - 2016-12-02

thank you. That was what i was missing.

I think this might be beyond mybb. But the anchor works if you first open the link to that, but upon refreshing the page, it does not. I would think that refreshing the page with that link of the anchor should re-aligned the browser to that position of the anchor wouldnt it?

Is allowing users to create anchors safe?


RE: creating a custom mycode for an anchor tag - Lunorian - 2016-12-02

(2016-12-02, 03:25 PM)metulburr Wrote: thank you. That was what i was missing.

I think this might be beyond mybb. But the anchor works if you first open the link to that, but upon refreshing the page, it does not. I would think that refreshing the page with that link of the anchor should re-aligned the browser to that position of the anchor wouldnt it?

Is allowing users to create anchors safe?

Refreshing a page after loading the anchor is a browser limitation and is beyond the scope of MyBB/HTML Tags. Clicking a link to the anchor should work without issue however refreshing is where browser limitations kick in.

On my test server even copying and pasting the link and pressing enter when to the anchor so I do believe it's simply a browser limitation.

On the subject of anchor safety the main risk is a user as a "pid" so I would would out numbers to be honest (require it to be a word), the only other risk is a troll trying to "anchor hijack" and move one anchor to another, that type of risk is minimal.

I would make sure you only allow letters, no numbers or symbols to minimize risk. as MyBB does NOT filter your MyCode by default you have to set that up yourself. Otherwise there is a small XSS risk.

That being said I'm glad your issue was resolved and please let us know if you have any further questions. Please be sure to mark this thread as solved if we've answered all your questions.


RE: creating a custom mycode for an anchor tag - metulburr - 2016-12-02

(2016-12-02, 03:49 PM)Deatives Wrote: On the subject of anchor safety the main risk is a user as a "pid" so I would would out numbers to be honest (require it to be a word), the only other risk is a troll trying to "anchor hijack" and move one anchor to another, that type of risk is minimal.

i think we opted for this for team member use, so we didnt make a sceditor button for it. But that doesnt mean a regular user couldnt use it....they just dont know about it. 

Im not sure i understand what you mean as the user as a post ID? And im crappy at regex. Would you know the regex for hte mycode to limit characters to be letters. I think its something like [a-z][A-Z]. Or is there a way to restrict mycode to be used by only X user groups? 

Im not sure also what you mean by anchor hijack. Only admins/mods on our forum has access to edit a post. The user themselves only have 48 hours then it auto locks.


RE: creating a custom mycode for an anchor tag - Lunorian - 2016-12-02

(2016-12-02, 04:48 PM)metulburr Wrote:
(2016-12-02, 03:49 PM)Deatives Wrote: On the subject of anchor safety the main risk is a user as a "pid" so I would would out numbers to be honest (require it to be a word), the only other risk is a troll trying to "anchor hijack" and move one anchor to another, that type of risk is minimal.

i think we opted for this for team member use, so we didnt make a sceditor button for it. But that doesnt mean a regular user couldnt use it....they just dont know about it. 

Im not sure i understand what you mean as the user as a post ID? And im crappy at regex. Would you know the regex for hte mycode to limit characters to be letters. I think its something like [a-z][A-Z]. Or is there a way to restrict mycode to be used by only X user groups? 

Im not sure also what you mean by anchor hijack. Only admins/mods on our forum has access to edit a post. The user themselves only have 48 hours then it auto locks.

1) Anyone could find out how to create a link like that by simply quoting your post and editing their post afterwards (or just look at quick reply, that's an event faster way, a smart user could figure things out).

2) The old MyBB Wiki is gone but I was able to get a screenshot from the Internet Archive. Free free to read at: http://web.archive.org/web/20120515101822/http://wiki.mybb.com/index.php/Admin_CP_Config_MyCode it explains how to create custom MyCode.

3) The user could still make a edit a post within 48 and hijack the original anchor, if they had a desire to do so. I'm also inexperienced with regex. I'm not sure of the correct regex to limit to letters.

4) You cannot restrict a custom MyCode to specific usergroups.

TL;DR There will always be the risk of a troll hijacking another user's anchor and you can add limitations to make things a bit safer.