embedding youtube/etc? (25)

1 Name: dirtypants : 2008-05-21 22:06 ID:xtBUBKh9 [Del]

I found this bit of code from back in 2006, and it makes sense to me:

use constant ALLOWED_HTML => (

'a'=>{args=>{'href'=>'url'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},

)

But putting it in there causes a server error.

How can I parse allowed HTML so that people can embed stuff like this?

Thanks!

2 Name: dirtypants : 2008-05-22 09:39 ID:xtBUBKh9 [Del]

I'm finding all of these old bits from pre-2007

Edit config.pl for enabling youtube embed code to be pasted in Formatting:HTML mode

use constant ALLOWED_HTML => (

'a'=>{args=>{'href'=>'url'},forced=>{'rel'=>'nofollow'}},
'object'=>{forced=>{'width'=>'425','height'=>'350'}},
'param'=>{args=>{'value'=>'url'},forced=>{'name'=>'movie'}},
'embed'=>{args=>{'src'=>'url'},forced=>{'type'=>'application/x-shockwave-flash','wmode'=>'transparent','width'=>'425','height'=>'350'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},

);

But there is no reference to ALLOWED_HTML in the new builds. Can someone with a history tell me where that had been referenced?

Thanks!

3 Name: Anonymous : 2008-05-31 20:30 ID:grZxATmf [Del]

Bump

4 Name: !WAHa.06x36 : 2008-06-01 05:16 ID:Heaven [Del]

>>3

Don't bump a thread without adding anything useful.

5 Name: Anonymous : 2008-06-01 16:32 ID:Heaven [Del]

> But there is no reference to ALLOWED_HTML in the new builds.

what.

> Can someone with a history tell me where that had been referenced?

http://www.google.com/codesearch?hl=en&q=+file:config.pl+package:http://wakaba.c3.cx/releases/kareha_3.1.3.zip+ALLOWED_HTML&sa=N&filter=0

6 Name: Anonymous : 2008-12-22 22:23 ID:eSpaAEqh [Del]

this still produces a snytax error when i remove the # symbol

syntax error at config.pl line 173, near "1;"

7 Name: LiteralKa!!UIR4DE3n : 2008-12-24 10:38 ID:xU1dlwKh [Del]

>>6
Well then, fix the 'snytax' error, it practically gives you the answer!

8 Name: Anonymous : 2009-03-10 11:57 ID:ZvUErNZp [Del]

>>2
How does this work?

1) I just copy this to my config.pl
2) and then copy a link from youtube and paste it into the post area? and it should embed it?

9 Post deleted by moderator.

10 Name: Anonymous : 2009-03-11 18:44 ID:Heaven [Del]

>>9
welcome to spam.txt

11 Name: llama : 2009-03-21 08:50 ID:y7Xzo/8H [Del]

It cant be easier to do something like this. Here is what you do for all the noobs out there

-In wakaba, open your config.pl file. Scroll down to the very bottom where it says "1;". It should be the last line.

Above that last line, there is this "# no encoding; # Uncomment this if you uncommented the "use encoding" at the top of the file"

IN the middle of both those lines, put this code (as shown above)
use constant ALLOWED_HTML => (
'a'=>{args=>{'href'=>'url'},forced=>{'rel'=>'nofollow'}},
'object'=>{forced=>{'width'=>'425','height'=>'350'}},
'param'=>{args=>{'value'=>'url'},forced=>{'name'=>'movie'}},
'embed'=>{args=>{'src'=>'url'},forced=>{'type'=>'application/x-shockwave-flash','wmode'=>'transparent','width'=>'425','height'=>'350'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},
);

--------

The final statement should read"

# no encoding; # Uncomment this if you uncommented the "use encoding" at the top of the file
# Allowed HTML tags and attributes. Sort of undocumented for now, but feel free to
# learn by example.
use constant ALLOWED_HTML => (
'a'=>{args=>{'href'=>'url'},forced=>{'rel'=>'nofollow'}},
'object'=>{forced=>{'width'=>'425','height'=>'350'}},
'param'=>{args=>{'value'=>'url'},forced=>{'name'=>'movie'}},
'embed'=>{args=>{'src'=>'url'},forced=>{'type'=>'application/x-shockwave-flash','wmode'=>'transparent','width'=>'425','height'=>'350'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},
);
1;

12 Name: llama : 2009-03-21 08:51 ID:y7Xzo/8H [Del]

The when you embed a video, simply just copy the embed code from youtube, etc and just paste it in the textbox as is.

13 Name: Anonymous : 2009-03-21 20:42 ID:Heaven [Del]

>>11-12
That's highly insecure, as there's no way whatsoever to confirm that an embedded object is non-malicious.

14 Name: Anonymous : 2009-03-21 22:38 ID:Heaven [Del]

>>13
i doubt that will convince him. when people told him that his php script allows people to inject perl code, he tried to fix it by adding some javascript: http://anonboards.com/help/kareha.pl/1237491609/5

15 Name: Anonymous : 2009-04-20 14:52 ID:SqZsnXIw [Del]

newb here.

So what's the worst case scenario?
Can only youtube be allowed and others blocked?

16 Name: Anonymous : 2009-04-20 19:55 ID:Heaven [Del]

> So what's the worst case scenario?

if you do it wrong, people can inject whatever javascript they want into the page.

> Can only youtube be allowed and others blocked?

not easily. you'd have to modify the appropriate functions in wakautils.pl for that.

17 Name: !WAHa.06x36 : 2009-04-21 08:03 ID:i9iPM/g4 [Del]

There's that allowscripting attribute, but I forget how it works.

18 Name: Anonymous : 2009-04-21 10:23 ID:SqZsnXIw [Del]

I suppose that this is wakaba only?

With kareha the 'object' -tag doesn't render, but displays as text.

Thanks anyway.

19 Post deleted by moderator.

20 Post deleted by moderator.

21 Name: Anonymous : 2009-06-01 18:26 ID:HBIikIll (Image: 381x392 jpg, 114 kb) [Del]

src/1243905989234.jpg: 381x392, 114 kb

When I try to install Kareha I get this this error

http://9781chan.agilityhoster.com/kareha.pl

Also I'm using a free host because my paid host banned me for CP because 4chan and chantoplist raided and reported me.

22 Name: Anonymous : 2009-06-01 19:34 ID:Heaven [Del]

>>21
what does it say if you put die$ENV{PWD}; right before require 'config.pl'; in kareha.pl?
what does it say if you put die$ENV{SCRIPT_FILENAME}; there?

23 Name: Anonymous : 2009-06-02 13:50 ID:HBIikIll [Del]

When I put $ENV(PWD);

I get

Died at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.

and the other gives me this

/home/www/9781chan.agilityhoster.com/kareha.pl at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.

24 Name: !WAHa.06x36 : 2009-06-02 15:58 ID:Heaven [Del]

> When I put $ENV(PWD);

That's not what he told you to put there. Note the curly braces.

25 Name: Anonymous : 2011-10-15 15:08 ID:MZu+aJpY [Del]

Hi fellas
I want to implement youtube embedding on my kareha board, but now Youtoube gives iframes instead of embed tags.

I tried to figure out how to put iframes in the ALLOWED_HTML but no success yet (i'm pretty new to perl you guessed it)

I also tried to simply adding my chan to the allowed URLs in a Greasemonkey script that specificaly embed plain text youtube links; but links are automatically converted to clickable links on my board.

So my question is: Should I keep on trying putting iframes in the allowed_html (unsafe IMO)
OR how to I turn off the clickable links in kareha, so the fricking greasemonkey script see the youtubes link correctly

thanks in advance for the help or the flamming

Name: Link:
Leave these fields empty (spam trap):
More options...
Verification: