embedding youtube/etc? (25)
1 Name: dirtypants : 2008-05-21 22:06 ID:xtBUBKh9
I found this bit of code from back in 2006, and it makes sense to me:
use constant ALLOWED_HTML => (
'a'=>{args=>{'href'=>'url'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},)
But putting it in there causes a server error.
How can I parse allowed HTML so that people can embed stuff like this?
Thanks!
13 Name: Anonymous : 2009-03-21 20:42 ID:Heaven
>>11-12
That's highly insecure, as there's no way whatsoever to confirm that an embedded object is non-malicious.
14 Name: Anonymous : 2009-03-21 22:38 ID:Heaven
>>13
i doubt that will convince him. when people told him that his php script allows people to inject perl code, he tried to fix it by adding some javascript: http://anonboards.com/help/kareha.pl/1237491609/5
15 Name: Anonymous : 2009-04-20 14:52 ID:SqZsnXIw
newb here.
So what's the worst case scenario?
Can only youtube be allowed and others blocked?
16 Name: Anonymous : 2009-04-20 19:55 ID:Heaven
> So what's the worst case scenario?
if you do it wrong, people can inject whatever javascript they want into the page.
> Can only youtube be allowed and others blocked?
not easily. you'd have to modify the appropriate functions in wakautils.pl for that.
17 Name: !WAHa.06x36 : 2009-04-21 08:03 ID:i9iPM/g4
There's that allowscripting attribute, but I forget how it works.
18 Name: Anonymous : 2009-04-21 10:23 ID:SqZsnXIw
I suppose that this is wakaba only?
With kareha the 'object' -tag doesn't render, but displays as text.
Thanks anyway.
19 Post deleted by moderator.
20 Post deleted by moderator.
21 Name: Anonymous : 2009-06-01 18:26 ID:HBIikIll (Image: 381x392 jpg, 114 kb)
When I try to install Kareha I get this this error
http://9781chan.agilityhoster.com/kareha.pl
Also I'm using a free host because my paid host banned me for CP because 4chan and chantoplist raided and reported me.
22 Name: Anonymous : 2009-06-01 19:34 ID:Heaven
>>21
what does it say if you put die$ENV{PWD}; right before require 'config.pl'; in kareha.pl?
what does it say if you put die$ENV{SCRIPT_FILENAME}; there?
23 Name: Anonymous : 2009-06-02 13:50 ID:HBIikIll
When I put $ENV(PWD);
I get
Died at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.
and the other gives me this
/home/www/9781chan.agilityhoster.com/kareha.pl at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.
24 Name: !WAHa.06x36 : 2009-06-02 15:58 ID:Heaven
> When I put $ENV(PWD);
That's not what he told you to put there. Note the curly braces.
25 Name: Anonymous : 2011-10-15 15:08 ID:MZu+aJpY
Hi fellas
I want to implement youtube embedding on my kareha board, but now Youtoube gives iframes instead of embed tags.
I tried to figure out how to put iframes in the ALLOWED_HTML but no success yet (i'm pretty new to perl you guessed it)
I also tried to simply adding my chan to the allowed URLs in a Greasemonkey script that specificaly embed plain text youtube links; but links are automatically converted to clickable links on my board.
So my question is: Should I keep on trying putting iframes in the allowed_html (unsafe IMO)
OR how to I turn off the clickable links in kareha, so the fricking greasemonkey script see the youtubes link correctly
thanks in advance for the help or the flamming