|
Joined: Apr 2003
Posts: 57
Member
|
Member
Joined: Apr 2003
Posts: 57 |
Hi, After upgrading to 6.5 I've discovered that I cannot use "EMBED" & "OBJECT" HTMLs tags .... Anybudy Knows where is the problem ?
|
|
|
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
They're not permitted because of various malicious HTML exploits that utilize them.
|
|
|
|
Joined: Apr 2003
Posts: 57
Member
|
Member
Joined: Apr 2003
Posts: 57 |
What Then how to add a flash or a real player ??
|
|
|
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
Very, very carefully, if at all. Both allow arbritary scripting to occur which may lead to exploits. Unless you have implicit trust for your users and know that they will not abuse the functions, you should not remove the filters for those elements.
UBB.classic: Love it or hate it, it was mine.
|
|
|
|
Joined: Apr 2003
Posts: 57
Member
|
Member
Joined: Apr 2003
Posts: 57 |
Ok How could I remove the filters for those tags ? Aren't there any other ways to use real player without removing the filters ?
|
|
|
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
Well, you can link to the .ra or .ram file directly using the [url] tag...
If you wish to take the very dangerous and risky step of disabling the filters for embed and object... I'm afraid that no one here will provide you with exact directions. Examine the code in sub check_html_core in ubb_lib. It shouldn't be too hard to figure out.
Again, I must warn you that malicious users can then potentially cause major problems on your board... doing this is not advised, ever. It's really better off if you don't disable the filters - they're there for your protection.
UBB.classic: Love it or hate it, it was mine.
|
|
|
|
Joined: Apr 2003
Posts: 57
Member
|
Member
Joined: Apr 2003
Posts: 57 |
I understand the situation Charles and I really appreaciate ur concern If u dont mind could I just ask about the HTML tag EMBED What is its fuction and how extent problems might occur to the board if I alter the filter for only this tag ? :rolleyes:
|
|
|
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
I would suggest not using :rolleyes: when asking a serious question.
Embed/object allow arbritary items to be inlined just into a page - not just plugins.
There are two main areas of concern.
First, Flash applets (among other things) can read and set cookies. There is a (remote) possibility that a flash app can be used to steal user login information. (While the password in the cookie is encrypted, the cookie can easily be reused by the attacker to log in as the user.)
Second, malicious users can use security problems in MSIE via Embed/object to cause it to either crash or do something nasty to the viewing computer.
UBB.classic: Love it or hate it, it was mine.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 1,157
Joined: July 2001
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|