I found this bit of code from back in 2006, and it makes sense to me:
use constant ALLOWED_HTML => (
'a'=>{args=>{'href'=>'url'}},
'b'=>{},'i'=>{},'u'=>{},'sub'=>{},'sup'=>{},
'em'=>{},'strong'=>{},
'ul'=>{},'ol'=>{},'li'=>{},'dl'=>{},'dt'=>{},'dd'=>{},
'p'=>{},'br'=>{empty=>1},'blockquote'=>{},
)
But putting it in there causes a server error.
How can I parse allowed HTML so that people can embed stuff like this?
Thanks!
>>11-12
That's highly insecure, as there's no way whatsoever to confirm that an embedded object is non-malicious.
>>13
i doubt that will convince him. when people told him that his php script allows people to inject perl code, he tried to fix it by adding some javascript: http://anonboards.com/help/kareha.pl/1237491609/5
newb here.
So what's the worst case scenario?
Can only youtube be allowed and others blocked?
> So what's the worst case scenario?
if you do it wrong, people can inject whatever javascript they want into the page.
> Can only youtube be allowed and others blocked?
not easily. you'd have to modify the appropriate functions in wakautils.pl
for that.
There's that allowscripting attribute, but I forget how it works.
I suppose that this is wakaba only?
With kareha the 'object' -tag doesn't render, but displays as text.
Thanks anyway.
When I try to install Kareha I get this this error
http://9781chan.agilityhoster.com/kareha.pl
Also I'm using a free host because my paid host banned me for CP because 4chan and chantoplist raided and reported me.
>>21
what does it say if you put die$ENV{PWD};
right before require 'config.pl';
in kareha.pl?
what does it say if you put die$ENV{SCRIPT_FILENAME};
there?
When I put $ENV(PWD);
I get
Died at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.
and the other gives me this
/home/www/9781chan.agilityhoster.com/kareha.pl at /usr/share/perl/5.8/CGI/Carp.pm line 314.
BEGIN failed--compilation aborted at /home/www/9781chan.agilityhoster.com/kareha.pl line 12.
> When I put $ENV(PWD);
That's not what he told you to put there. Note the curly braces.
Hi fellas
I want to implement youtube embedding on my kareha board, but now Youtoube gives iframes instead of embed tags.
I tried to figure out how to put iframes in the ALLOWED_HTML but no success yet (i'm pretty new to perl you guessed it)
I also tried to simply adding my chan to the allowed URLs in a Greasemonkey script that specificaly embed plain text youtube links; but links are automatically converted to clickable links on my board.
So my question is: Should I keep on trying putting iframes in the allowed_html (unsafe IMO)
OR how to I turn off the clickable links in kareha, so the fricking greasemonkey script see the youtubes link correctly
thanks in advance for the help or the flamming