Haha....
-
David Wengier wrote: theoretically, someone might be able to utilise this technique and do something quite bad. True, but theoretically someone could just as well hack the codeproject server and but their evil code on the front page, then everyone would be exposed... Anyway, what could such malicious code do... read your CP cokies and get your password?... open a cookie as a html file?.... execute an arbitrary program that would format your hard drive... uhh.. I get your point :-D And that's why I don't complain about event handlers getting fixed, but it's still fun to chellenge them :) As long as it doesn't go as far as banning HTML completely in posts.. that would suck :(
Cheers,
Marc:beer: Click to see my *real* signature :beer:
Marc Richarme wrote: True, but theoretically someone could just as well hack the codeproject server and but their evil code on the front page, then everyone would be exposed... But that would clearly come under the area of Chris securing the site. I was trying to say, why should he be held responsible for the actions of a malicious person. Marc Richarme wrote: As long as it doesn't go as far as banning HTML completely in posts.. that would suck If there were another system, it wouldn't matter too much. I post on a vBulletin forum, and the custom tags [b], [i] etc. work well enough. Sorry if this seems like I am attacking you or anything, you just sparked my mind off. Nothing personal :) -- David Wengier Sonork ID: 100.14177 - Ch00k
-
Marc Richarme wrote: True, but theoretically someone could just as well hack the codeproject server and but their evil code on the front page, then everyone would be exposed... But that would clearly come under the area of Chris securing the site. I was trying to say, why should he be held responsible for the actions of a malicious person. Marc Richarme wrote: As long as it doesn't go as far as banning HTML completely in posts.. that would suck If there were another system, it wouldn't matter too much. I post on a vBulletin forum, and the custom tags [b], [i] etc. work well enough. Sorry if this seems like I am attacking you or anything, you just sparked my mind off. Nothing personal :) -- David Wengier Sonork ID: 100.14177 - Ch00k
David Wengier wrote: why should he be held responsible for the actions of a malicious person. Never said he should, and I think he's doing a great job in securing the site while still preserving the neat features that make CodeProject special (Like i wrote in my original post, only a few hours after using my signature, the hole got fixed... well one of the holes anyway) David Wengier wrote: If there were another system, it wouldn't matter too much. I post on a vBulletin forum, and the custom tags [b], [i] etc. work well enough. I must disagree here.. I think html is a great way to do it, and CodeProject has actually managed to make it more or less safe... just a little more tweaking on the filters and it should be just fine (Now I'm not asking for this to be done.. I'd like my signature to work for a few more days ;P) David Wengier wrote: Sorry if this seems like I am attacking you or anything, you just sparked my mind off. Nothing personal - ditto :-D
Cheers,
Marc:beer: Click to see my *real* signature :beer:
-
peterchen wrote: OnMouseUp will probably follow.... Then I'll use OnDblClick.. and then OnMouseMove.. etc. until there are no more event available.. then I'll use href="javascript:...", and then I'll figure out some other way ;P peterchen wrote: Can't we have a "script kid" area, where all you leed JScripters can show off what you can do all day all night? Sounds cool to me :) Ohh.. I get an idea... I think my signature should dynamically change all other signatures on the whole page to look just like mine.. that would you script kiddies how 1337 r0xX0r I r3a11y 7m :beer:
Cheers,
Marc:beer: Click to see my *real* signature :beer:
You could create code that just automatically logs in to CP for you every hour, and edits your sig for you :) -- Help me! I'm turning into a grapefruit!
-
You could create code that just automatically logs in to CP for you every hour, and edits your sig for you :) -- Help me! I'm turning into a grapefruit!
benjymous wrote: You could create code that just automatically logs in to CP for you every hour, and edits your sig for you No, cuz it wouldn't change it in the messages that were already posted :(
Cheers,
Marc:beer: Click to see my *real* signature :beer:
-
Nish - Native CPian wrote: Because he cannot. Most tags are blocked. So you can't have fancy sigs like he seems to want to have. So he has to load some other page there. Using iframes I think ...And don't forget that the whole thing must fit in the 500 char limit of the signature :)
Cheers,
Marc:beer: Click to see my *real* signature :beer:
Marc Richarme wrote: And don't forget that the whole thing must fit in the 500 char limit of the signature Yeah, that too :-)
Author of the romantic comedy Summer Love and Some more Cricket [New Win] Buy it, read it and admire me :-)
-
The only thing in the sig that is blocked, as far as I know, is the random quote javascript. Another interesting thing to consider. This loads up a HTML file which loads a JavaScript file. Now, given the number of security holes that have been found in IE (and not to start a flame war) theoretically, someone might be able to utilise this technique and do something quite bad. -- David Wengier Sonork ID: 100.14177 - Ch00k
David Wengier wrote: The only thing in the sig that is blocked, as far as I know, is the random quote javascript. That's the fancy part that is the pride of his eye, I think :-)
Author of the romantic comedy Summer Love and Some more Cricket [New Win] Buy it, read it and admire me :-)
-
Why bother? why not just have the sig there normally. Are you worried that your posts might be so bad that you need to have some form of entertainment for people, so they dont feel their time has been wasted? -- David Wengier Sonork ID: 100.14177 - Ch00k
I say ban sigs all together.:)
-
I say ban sigs all together.:)
Good idea
-
benjymous wrote: You could create code that just automatically logs in to CP for you every hour, and edits your sig for you No, cuz it wouldn't change it in the messages that were already posted :(
Cheers,
Marc:beer: Click to see my *real* signature :beer:
Hmm, true. But at least it'll mean each post will get a different sig (if you run your script often enough). Perhaps you could make it search all your old posts and edit the sig on those :-D -- Help me! I'm turning into a grapefruit!
-
Haha, got my signature working again ;P Yesterday I posted two posts with by brand new signature and this morning... wh00p didn't work... was becuase the onmousedown event got banned like the onclick one is :laugh: Now, I'm sure the server didn't figure that out by itself so some admin *cough* Chris *cough* must have something to do with this! I vote for signatures rights! :-D Revolution!!! :beer:
Cheers,
Marc:beer: Click to see my *real* signature :beer:
You epitomise the reason I haven't banned HTML. Nice :) One day I'll pull the plug on onmouseup - but for the moment I'm just enjoying the creativity. cheers, Chris Maunder