Home •  Forum •  FAQ •  Search •  Recent Topics •  Memberlist •  Register •  Log in 
Forum » Icy Phoenix Support » General Support

Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.

Reply to topic

 

Cristianita
Quote
Posts: 297 Location: Sonora, México
Fri 11 May, 2018 07:38
Subject: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
6763945597

1812975536


even in the browser tab:

8943905888


But not in "POST REPLY" I mean normal reply...

1981736027

0572942592


Why? :oops:

Profile PM   Website
Informpro
Quote
Posts: 1110
Sat 12 May, 2018 21:50
Subject: Re: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
Hi;

It is done to avoid HTML injection, but this one case needs to be smarter -- we need to differentiate between a value that could be from an attacker or from a trusted source.

Profile PM  
Cristianita
Quote
Posts: 297 Location: Sonora, México
Sat 12 May, 2018 22:07
Subject: Re: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
Informpro wrote: [View Post]
Hi;

It is done to avoid HTML injection, but this one case needs to be smarter -- we need to differentiate between a value that could be from an attacker or from a trusted source.
I'm not sure if I understood you. I think you are saying you need to check this feature, aren't you? :mryellow:

Profile PM   Website
Informpro
Quote
Posts: 1110
Sat 19 May, 2018 15:34
Subject: Re: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
Hi,

Yes, I am saying we are trying to be safe, but we are too safe because of this.

Profile PM  
Cristianita
Quote
Posts: 297 Location: Sonora, México
Sat 19 May, 2018 22:47
Subject: Re: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
Informpro wrote: [View Post]
Hi,

Yes, I am saying we are trying to be safe, but we are too safe because of this.
So it's better if we don't use this quotes in the titles, isn't it? Is that what you mean?

Profile PM   Website
Mighty Gorgon
Quote
Posts: 7191 Location: Borgo San Michele
Tue 05 Jun, 2018 00:12
Subject: Re: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
I will fix the issue in Quick Reply, but I won't fix it on page title, since injections may be possible.

I'm sure I added all these fixes because of security reasons in the past.

Profile PM   Website
Cristianita
Quote
Posts: 297 Location: Sonora, México
Tue 05 Jun, 2018 01:00
Subject: Re: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
Mighty Gorgon wrote: [View Post]
I will fix the issue in Quick Reply, but I won't fix it on page title, since injections may be possible.

I'm sure I added all these fixes because of security reasons in the past.

I got it... Thanks for all, avatar Mighty Gorgon

Profile PM   Website
Cristianita
Quote
Posts: 297 Location: Sonora, México
Sat 18 Aug, 2018 19:04
Subject: Re: Using Quotes (") In The Topic Title, It Shows This Signs (") In The Quick Reply.
Hi, God bless you, guys!

Profile PM   Website
Reply to topic
 

Page 1 of 1


  
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls
You cannot attach files
You can download files
You cannot post calendar events

   

This is a "Lo-Fi" version of our main content. To view the full version with more information, formatting and images, please click here.

Powered by Icy Phoenix based on phpBB
Generation Time: 0.5169s (PHP: 5% SQL: 95%)
SQL queries: 17 - Debug Off - GZIP Enabled