Usergroup: Customer
Joined: Aug 19, 2005
Location: England
Total Topics: 258
Total Posts: 819
Posted 04/04/08 - 09:08 AM:
#1
Paul, you may (or may not!) remember that I had a parse problem on my toplist when editing a link or category - it shows merely the HTML. The toplist I have is:
<!-- BEGIN TOPLIST 80 --> <CONFIG>links,rand(),1,ascending,banner != '',,,0,0,0,0,0,0,,0</CONFIG> {LINKBANNER} <!-- END TOPLIST 80 -->
The data in LINKBANNER is HTML (by necessity). This works correctly on all other pages. I can't remember in which version this problem started, possibly the 4.1 series.
Up until now that never caused a real problem, so I basically ignored it!
However, I am now working on a site where it is causing a problem in that the toplist is pushed out of the usual alignment and is pushing everything else out. When I edit a link the form does not show properly, see attachment, and the form is impossible to fill in.
Usergroup: Administrator
Joined: Dec 21, 2001
Location: Northern California
Total Topics: 49
Total Posts: 5539
Posted 04/04/08 - 07:49 PM:
#3
On the 'edit' page, I suppose HTML has to be shown unparsed so that you're able to edit it if it happens to be one of the things on the page you're editing.
At any rate, I always recommend against using HTML in field values. If you're typing it yourself, you can use WSN codes. If the submitter is typing it, then it's best not to make them use either (a banner, for example, should be easily handled by just asking for link and image URLs), but if you have to choose one then WSN codes are safer. If I recall, there is some protection from XSS attacks built in even if you allow HTML, but there may be other sorts of malicious HTML people could come up with.
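The suggestion in the reply above (ask for a link URL and an image URL instead of storing raw HTML) can be sketched as follows; this is an added example, not part of the original posts and not WSN Links code. The function names `banner_clean_url` and `banner_render` and the sample submissions are hypothetical.

```php
<?php
// Added illustration; not WSN Links code. Function names are hypothetical.

// Accept only absolute http(s) URLs that have a host; null otherwise.
function banner_clean_url(string $url): ?string
{
    $url = trim($url);
    // Reject embedded whitespace and control characters before parsing.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Build the banner markup from the two submitted fields. Returns '' when
// either URL is rejected, so nothing unvetted reaches the page.
function banner_render(string $linkUrl, string $imageUrl, string $title = ''): string
{
    $link  = banner_clean_url($linkUrl);
    $image = banner_clean_url($imageUrl);
    if ($link === null || $image === null) {
        return '';
    }
    // Escape every value for an HTML attribute context.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf(
        '<a href="%s" rel="nofollow noopener"><img src="%s" alt="%s"></a>',
        $esc($link), $esc($image), $esc($title)
    );
}

// Constructed sample submissions.
$samples = [
    ['https://example.com/', 'https://example.com/banner.png', 'Example site'],
    ['javascript:alert(1)', 'https://example.com/banner.png', 'bad scheme'],
    ['https://example.com/"onmouseover="x', 'https://example.com/b.png', 'quote in URL'],
];
foreach ($samples as [$l, $i, $t]) {
    echo $t, ' => ', banner_render($l, $i, $t) ?: '(rejected)', "\n";
}
```

Because the stored field values are plain URLs, they can also be shown in an edit form as ordinary escaped text, with the markup generated only at display time.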