bbPress formatting issue #347
Comments
Hello, Thanks. |
The removal of the tags was in response to the plugin being pulled due to a potential XSS (Cross-Site Scripting) issue. If a script tag or attribute is included in the tags, it can execute this when the page renders. I'll need to work towards a solution to allow all safe tags. |
Hello, Thanks. |
Ideally I'd like to blacklist any event attributes like |
Hello, Thanks. |
Can you download the zip for 9e47ee4 and give it a go? It should only scrape script tags and event attributes which is sufficient to prevent XSS attacks I think. |
Hello, Thanks. |
Hello, Thanks. |
You can find it on the main GitHub page for the project. The direct link is here: https://github.com/aramk/crayon-syntax-highlighter/archive/master.zip |
I've had another user verify by email that the fix worked. I'll wait for a few others to confirm here before releasing. |
Hello, Thanks. |
Would you be able to test the latest download again? I've made a further change to return plain text from the AJAX call, but it shouldn't affect the bbPress highlighting which is still working for me. |
Hello, Thanks. |
Hello, Warning: Missing argument 2 for CrayonUtil::strip_event_attributes(), called in /public_html/wp-content/plugins/crayon-syntax-highlighter/crayon_wp.class.php on line 204 and defined in /public_html/wp-content/plugins/crayon-syntax-highlighter/util/crayon_util.class.php on line 851 Thanks. |
Thanks for testing. I've fixed that issue. That was a warning so it should otherwise be working? |
Hello, Thanks. |
Great! Up to you, but I should be able to publish this soon. Waiting on On Sun, May 8, 2016 at 12:56 AM Alex S notifications@github.com wrote:
|
Hello, Thanks. |
Hello, Thanks. |
Hello, Could you please look into this? The beta version worked fine, you release the update and it screws up my forum. Not cool. Thanks. |
Hi, 2.8.3 is still the latest version released through WordPress plugins. I haven't released anything yet. I suspect you updated back to this version from the 2.8.4 beta. Since the beta is not released, it will ask you to update to the latest (2.8.3) which reverted the fixes in 2.8.4 beta. |
Hello, Thanks. |
Hello, will there be an update (maybe just update the readme.txt) to WordPress 4.5.x? I found no issue at the moment, so it could be enough to change the "tested up to" in the readme.txt. In the last updates the "tested up to" tag wasn't changed. Best regards, |
Updated this in e881910. Version 2.8.4 has been released. |
Thanks for the update. It's not stripping html from my forum now but it is stripping jwplayer <script> tags. Is there a way to whitelist certain tags without hacking the code? Thanks Lux |
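The thread contrasts stripping known-bad markup (script tags, event attributes) with allowing only known-safe tags. The following is an added example of the allowlist approach, not code from Crayon or from anyone in this thread; the function names and the tag and attribute lists are assumptions chosen for illustration.

```php
<?php
// Added example: names and allowlists are assumptions, not Crayon's code.
const ALLOWED_TAGS = ['p', 'br', 'strong', 'em', 'code', 'pre', 'a', 'ul', 'ol', 'li', 'blockquote'];
const ALLOWED_ATTRS = ['a' => ['href', 'title'], 'pre' => ['class'], 'code' => ['class']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];
// Links: only http(s), mailto, site-relative and fragment targets.
const SAFE_HREF = '~^(https?://|mailto:|/|#)~i';

function clean_node(DOMNode $node): void
{
    // Snapshot the children: the live list changes as nodes are removed.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue;                                // plain text is kept
        }
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($tag, DROP_WITH_CONTENT, true)) {
            $node->removeChild($child);              // comments, scripts: drop entirely
            continue;
        }
        clean_node($child);                          // clean descendants first
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($child->firstChild) {             // unknown tag: keep its cleaned content
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true)
                && ($name !== 'href' || preg_match(SAFE_HREF, trim($attr->value)));
            if (!$ok) {
                $child->removeAttributeNode($attr);  // covers every on* attribute
            }
        }
    }
}

function sanitize_fragment(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                // tolerate forum-grade markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0); // the wrapper added above
    clean_node($root);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes, false)));
}

// Constructed sample input.
echo sanitize_fragment('<p onclick="x()">Hi <em>there</em><script>x()</script> <a href="https://example.com/" onmouseover="y()">link</a></p>'), PHP_EOL;
```

Inside WordPress, `wp_kses()` with an explicit allowed-tags array is the built-in allowlist filter and serves the same purpose.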
Hi,
new version 2.8.3 strips formatting of the bbPress threads and displays them in plain text. Thanks.