Sorry for the title but I really didn't know what to put.
I noticed that in HTML-enabled forums there is a problem with <>.
Whatever I type between the two <> is always understood as code and therefore the result is invisible posts. Here is an example
If I write <how are you> it is invisible. If I write how are you it is visible. This applies to every word between the two <>.
I share some screenshots to explain myself better
I hope I have been clear and thank you for your attention
This is normal: you allow html, so the content of the post is read as html. Anything between < and > is a html tag, it won't be displayed but interpreted.
You have to use html entities (« » to have them displayed, like in any html content.
HTML Character Entities
Some characters are reserved in HTML.
If you use the less than (<) or greater than (>) signs in your HTML text, the browser might mix them with tags.
Entity names or entity numbers can be used to display reserved HTML characters.
One line of questions a forum admin should be asking is "Do I need to enable HTML in posts? If it is for a small use case, can it be achieved with MyCode instead?"
Otherwise, <> are reserved characters and cause your posts to appear as intended.
So everything is normal from what I understand. More to the point, before, despite always having html in the forum activated, it wouldn't pick up anything. At this I wonder ‘is there something where only the administrator can use html in post?’.
(2024-09-27, 11:03 AM)Crazycat Wrote: This is normal: you allow html, so the content of the post is read as html. Anything between < and > is a html tag, it won't be displayed but interpreted.
You have to use html entities (« » to have them displayed, like in any html content.
of course is not normal , when option is "Allow HTML" this mean only valid HTML tag , not everything is between <> , and is not make sense for each post he force to use enitities to fix this ( It can be used as a temporary solution )
(2024-09-27, 01:05 PM)SELLECK87 Wrote: So everything is normal from what I understand. More to the point, before, despite always having html in the forum activated, it wouldn't pick up anything. At this I wonder ‘is there something where only the administrator can use html in post?’.
one way to fix this is in mybb core mybb developers can use preg_replace_callback check string that are like <NAME...> or </NAME> and if is not real html tag use htmlspecialchars function Convert special characters of it to HTML entities and this way in post you only can see valid html .
I remain fascinated by your knowledge. Yes indeed, as far as I understand it, not everything is html between <> because the problem could also occur if I do <<hi>> with the double <>.
(2024-09-27, 01:18 PM)Mostafa.Shiraali Wrote: of course is not normal , when option is "Allow HTML" this mean only valid HTML tag , not everything is between <> , and is not make sense for each post he force to use enitities to fix this ( It can be used as a temporary solution )
I think you're wrong: allow html doesn't transform content in html entities, it allows to keep them as they are typed (except for some tags as base, meta, script and style). So, the browser interprets < and > as html tags, and don't display them, it displays only what it "interprets" as content.
This is exactly the same if you create a simple html page with <hi> in it, it won't be displayed.
2024-09-27, 02:37 PM (This post was last modified: 2024-09-27, 02:38 PM by Mostafa.Shiraali. Edited 1 time in total.)
(2024-09-27, 02:27 PM)Crazycat Wrote:
(2024-09-27, 01:18 PM)Mostafa.Shiraali Wrote: of course is not normal , when option is "Allow HTML" this mean only valid HTML tag , not everything is between <> , and is not make sense for each post he force to use enitities to fix this ( It can be used as a temporary solution )
I think you're wrong: allow html doesn't transform content in html entities, it allows to keep them as they are typed (except for some tags as base, meta, script and style). So, the browser interprets < and > as html tags, and don't display them, it displays only what it "interprets" as content.
This is exactly the same if you create a simple html page with <hi> in it, it won't be displayed.
Allow HTML mean I allow wrote HTML code in my content and mybb instead of print them echo them as executable HTML code , so for this mybb need to detect which part of text is HTML and which part is not, this is called data validation , also as you mentioned " allow html doesn't transform content in html entities, it allows to keep them as they are typed " this option for html codes not other things, so when it is enabled it must detect html code from other, otherwise Based on your reasoning for example not need check post message for XSS attacks or ... I can say editor is for user to write everything he like (based on your reasoning ) !!!!!