I found this bit of code from back in 2006, and it makes sense to me:

use constant ALLOWED_HTML => (

'a'=>{args=>{'href'=>'url'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},

)

But putting it in there causes a server error.

How can I parse allowed HTML so that people can embed stuff like this?

Thanks!

I'm finding all of these old bits from pre-2007

Edit config.pl for enabling youtube embed code to be pasted in Formatting:HTML mode

use constant ALLOWED_HTML => (

'a'=>{args=>{'href'=>'url'},forced=>{'rel'=>'nofollow'}},
'object'=>{forced=>{'width'=>'425','height'=>'350'}},
'param'=>{args=>{'value'=>'url'},forced=>{'name'=>'movie'}},
'embed'=>{args=>{'src'=>'url'},forced=>{'type'=>'application/x-shockwave-flash','wmode'=>'transparent','width'=>'425','height'=>'350'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},

);

But there is no reference to ALLOWED_HTML in the new builds. Can someone with a history tell me where that had been referenced?

Thanks!

Bump

>>3

Don't bump a thread without adding anything useful.

> But there is no reference to ALLOWED_HTML in the new builds.

what.

> Can someone with a history tell me where that had been referenced?

http://www.google.com/codesearch?hl=en&q=+file:config.pl+package:http://wakaba.c3.cx/releases/kareha_3.1.3.zip+ALLOWED_HTML&sa=N&filter=0

this still produces a snytax error when i remove the # symbol

syntax error at config.pl line 173, near "1;"

>>6
Well then, fix the 'snytax' error, it practically gives you the answer!

>>2
How does this work?

1) I just copy this to my config.pl
2) and then copy a link from youtube and paste it into the post area? and it should embed it?

>>9
welcome to spam.txt

It cant be easier to do something like this. Here is what you do for all the noobs out there

-In wakaba, open your config.pl file. Scroll down to the very bottom where it says "1;". It should be the last line.

Above that last line, there is this "# no encoding; # Uncomment this if you uncommented the "use encoding" at the top of the file"

IN the middle of both those lines, put this code (as shown above)
use constant ALLOWED_HTML => (
'a'=>{args=>{'href'=>'url'},forced=>{'rel'=>'nofollow'}},
'object'=>{forced=>{'width'=>'425','height'=>'350'}},
'param'=>{args=>{'value'=>'url'},forced=>{'name'=>'movie'}},
'embed'=>{args=>{'src'=>'url'},forced=>{'type'=>'application/x-shockwave-flash','wmode'=>'transparent','width'=>'425','height'=>'350'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},
);

--------

The final statement should read"

# no encoding; # Uncomment this if you uncommented the "use encoding" at the top of the file
# Allowed HTML tags and attributes. Sort of undocumented for now, but feel free to
# learn by example.
use constant ALLOWED_HTML => (
'a'=>{args=>{'href'=>'url'},forced=>{'rel'=>'nofollow'}},
'object'=>{forced=>{'width'=>'425','height'=>'350'}},
'param'=>{args=>{'value'=>'url'},forced=>{'name'=>'movie'}},
'embed'=>{args=>{'src'=>'url'},forced=>{'type'=>'application/x-shockwave-flash','wmode'=>'transparent','width'=>'425','height'=>'350'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},
);
1;

The when you embed a video, simply just copy the embed code from youtube, etc and just paste it in the textbox as is.

>>11-12
That's highly insecure, as there's no way whatsoever to confirm that an embedded object is non-malicious.

>>13
i doubt that will convince him. when people told him that his php script allows people to inject perl code, he tried to fix it by adding some javascript: http://anonboards.com/help/kareha.pl/1237491609/5

newb here.

So what's the worst case scenario?
Can only youtube be allowed and others blocked?

> So what's the worst case scenario?

if you do it wrong, people can inject whatever javascript they want into the page.

> Can only youtube be allowed and others blocked?

not easily. you'd have to modify the appropriate functions in wakautils.pl for that.

There's that allowscripting attribute, but I forget how it works.

I suppose that this is wakaba only?

With kareha the 'object' -tag doesn't render, but displays as text.

Thanks anyway.

When I try to install Kareha I get this this error

http://9781chan.agilityhoster.com/kareha.pl

Also I'm using a free host because my paid host banned me for CP because 4chan and chantoplist raided and reported me.

>>21
what does it say if you put die$ENV{PWD}; right before require 'config.pl'; in kareha.pl?
what does it say if you put die$ENV{SCRIPT_FILENAME}; there?

When I put $ENV(PWD);

I get

Died at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.

and the other gives me this

/home/www/9781chan.agilityhoster.com/kareha.pl at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.

> When I put $ENV(PWD);

That's not what he told you to put there. Note the curly braces.

Hi fellas
I want to implement youtube embedding on my kareha board, but now Youtoube gives iframes instead of embed tags.

I tried to figure out how to put iframes in the ALLOWED_HTML but no success yet (i'm pretty new to perl you guessed it)

I also tried to simply adding my chan to the allowed URLs in a Greasemonkey script that specificaly embed plain text youtube links; but links are automatically converted to clickable links on my board.

So my question is: Should I keep on trying putting iframes in the allowed_html (unsafe IMO)
OR how to I turn off the clickable links in kareha, so the fricking greasemonkey script see the youtubes link correctly

thanks in advance for the help or the flamming