Recent Topics

[solved] XHTML Cleaning Bug

Started by on Sep 16, 2007 – Contents updated: Sep 16, 2007

Sep 16, 2007 05:41    

The b2e system is adding unnecessary closing tags, example:

<input something="something" />
is the correct way, but b2e will make it:

<input something="something" /></input>
or
<input something="something"></input>
or
<input something="something"/></input>

Which is messing new or edited posts.
I haven't encountered other tags with similar cases.

<br/> or <br /> is fine
so far, I've only encountered this with <input>

Sep 16, 2007 09:04

I'm assuming that you added input to formatting.php, but you also need to add it to inc/_core/_misc.funcs.php ( approx 999 )

			// Tag Cleaning

			// Push if not img or br or hr
			if($tag != 'br' && $tag != 'img' && $tag != 'hr' && $tag != 'input' ) {
				$stacksize = array_push ($tagstack, $tag);
			}

¥

Sep 16, 2007 15:39

nope. didn't touch it actually.

The only one I changed was to set the html checker to zero (0) so it will accept the <form> element.

Sep 16, 2007 16:30

did the above change fix things?

¥

Sep 17, 2007 05:51

Oh yah, forgot to mention that. It fixed it.

--
Btw, what's with the "formatting.php"? Never really bothered with that file except changing the HTML checker 1 and 0 when the need arises.

Thanks!

Sep 17, 2007 14:34

Laibcoms wrote:

Btw, what's with the "formatting.php"? Never really bothered with that file except changing the HTML checker 1 and 0 when the need arises.

Thanks!

The _formatting.php is a basic XHTML checker that regulates which tags are allowed in what context. This will get you some control over your bloggers and commenters, since they cannot post a lot of the malicious code that take advantage of <form>, <iframe> tags and what have you.
Unfortunately the list is a bit arbitrary. It does allow <table> but it does not allow <td> within <table>.
I tried to hack the _formatting.php for specific purposes. It can be done, but it's a bit like spaghetti code.

Good luck

Sep 17, 2007 14:51

Yep, that's the reason I don't bother touching it except turning the HTML checker on or off if there's a post that I need to get pass through.

Now with all that, a suggestion came up to my mind.

Add a feature wherein, certain users, or group of users can bypass the HTML checker. I prefer it to be permission-based instead of "level-based".

Just a thought.

Sep 23, 2007 18:17

Hmm.. just curious, any chance the fix above gets added to the releases? ^_^

I mean, if they have HTML checker on, <input> won't get in anyway.

Tnx!!

Sep 24, 2007 18:02

Afwas wrote:

I tried to hack the _formatting.php for specific purposes. It can be done, but it's a bit like spaghetti code.

I can send you a variation of _formatting.php if you want to have a play with it and let me know what you think?

Be warned, it's not been tested and may cause your server to melt at any moment :|

¥

Sep 24, 2007 18:22

¥åßßå wrote:

Be warned, it's not been tested and may cause your server to melt at any moment :|

¥

So that's what you were doing when your pump broke down :>
I PM you a valid email.

Tx

Sep 24, 2007 18:46

Weirdly enough, I was actually melting a server when the pump broke ;)

Sent you a link

¥

Oct 01, 2007 09:21

hi,

got the cvs as of 3:00pm 10/1, checked it, it now is like this:


if($tag != 'br' && $tag != 'img' && $tag != 'hr' && $tag != 'param')

new feature coming or something?

Oct 01, 2007 09:36

If you crack open the _formatting.php that's in the conf folder you'll find a couple of new things ;)

¥


Form is loading...

Run your own website! – This forum is powered by b2evolution CMS, a complete engine for your website.