Jump to the post that solved this thread.
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved creating a custom mycode for an anchor tag
#1
Not Solved
I am trying to make an anchor html tag. So people can make a tag, and link other people to the point on the post, instead of the alternative to just give post ID. However it doesnt seem to be working

regex:
\[anchor=(.*?)\](.*?)\[/anchor\]

replacement:
<a href="#$1">$2</a>
and usage:
[anchor=custom_anchor]test[/anchor]

it adds #custom_anchor to the link, but it does not move to that position.
Reply
#2
Not Solved
Hi there. From what I understand you would like to add a tag to your MyBB Forum that allows you to make in post links. I noticed you didn't add a div for it to link to. To fix this please use the following values for your MyCode.

Regex:
\[anchor=(.*?)\](.*?)\[/anchor\]

Replacement:
<div id="$1"><a href="#$1">$2</a></div>

Afterwards it'll drop down whatever the linked anchor text is. Please let us know if you have any further questions Smile
Software Engineer specializing in Crystal Program Development

Reply
#3
Not Solved
thank you. That was what i was missing.

I think this might be beyond mybb. But the anchor works if you first open the link to that, but upon refreshing the page, it does not. I would think that refreshing the page with that link of the anchor should re-aligned the browser to that position of the anchor wouldnt it?

Is allowing users to create anchors safe?
Reply
#4
Not Solved
(12-02-2016, 03:25 PM)metulburr Wrote: thank you. That was what i was missing.

I think this might be beyond mybb. But the anchor works if you first open the link to that, but upon refreshing the page, it does not. I would think that refreshing the page with that link of the anchor should re-aligned the browser to that position of the anchor wouldnt it?

Is allowing users to create anchors safe?

Refreshing a page after loading the anchor is a browser limitation and is beyond the scope of MyBB/HTML Tags. Clicking a link to the anchor should work without issue however refreshing is where browser limitations kick in.

On my test server even copying and pasting the link and pressing enter when to the anchor so I do believe it's simply a browser limitation.

On the subject of anchor safety the main risk is a user as a "pid" so I would would out numbers to be honest (require it to be a word), the only other risk is a troll trying to "anchor hijack" and move one anchor to another, that type of risk is minimal.

I would make sure you only allow letters, no numbers or symbols to minimize risk. as MyBB does NOT filter your MyCode by default you have to set that up yourself. Otherwise there is a small XSS risk.

That being said I'm glad your issue was resolved and please let us know if you have any further questions. Please be sure to mark this thread as solved if we've answered all your questions.
Software Engineer specializing in Crystal Program Development

Reply
#5
Not Solved
(12-02-2016, 03:49 PM)Deatives Wrote: On the subject of anchor safety the main risk is a user as a "pid" so I would would out numbers to be honest (require it to be a word), the only other risk is a troll trying to "anchor hijack" and move one anchor to another, that type of risk is minimal.

i think we opted for this for team member use, so we didnt make a sceditor button for it. But that doesnt mean a regular user couldnt use it....they just dont know about it. 

Im not sure i understand what you mean as the user as a post ID? And im crappy at regex. Would you know the regex for hte mycode to limit characters to be letters. I think its something like [a-z][A-Z]. Or is there a way to restrict mycode to be used by only X user groups? 

Im not sure also what you mean by anchor hijack. Only admins/mods on our forum has access to edit a post. The user themselves only have 48 hours then it auto locks.
Reply
#6
Not Solved
(12-02-2016, 04:48 PM)metulburr Wrote:
(12-02-2016, 03:49 PM)Deatives Wrote: On the subject of anchor safety the main risk is a user as a "pid" so I would would out numbers to be honest (require it to be a word), the only other risk is a troll trying to "anchor hijack" and move one anchor to another, that type of risk is minimal.

i think we opted for this for team member use, so we didnt make a sceditor button for it. But that doesnt mean a regular user couldnt use it....they just dont know about it. 

Im not sure i understand what you mean as the user as a post ID? And im crappy at regex. Would you know the regex for hte mycode to limit characters to be letters. I think its something like [a-z][A-Z]. Or is there a way to restrict mycode to be used by only X user groups? 

Im not sure also what you mean by anchor hijack. Only admins/mods on our forum has access to edit a post. The user themselves only have 48 hours then it auto locks.

1) Anyone could find out how to create a link like that by simply quoting your post and editing their post afterwards (or just look at quick reply, that's an event faster way, a smart user could figure things out).

2) The old MyBB Wiki is gone but I was able to get a screenshot from the Internet Archive. Free free to read at: http://web.archive.org/web/2012051510182...fig_MyCode it explains how to create custom MyCode.

3) The user could still make a edit a post within 48 and hijack the original anchor, if they had a desire to do so. I'm also inexperienced with regex. I'm not sure of the correct regex to limit to letters.

4) You cannot restrict a custom MyCode to specific usergroups.

TL;DR There will always be the risk of a troll hijacking another user's anchor and you can add limitations to make things a bit safer.
Software Engineer specializing in Crystal Program Development

Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)