HTML disabled but forum allows Javascript

  • Gabrielt
    Member
    • Apr 2007
    • 96
    • 3.6.x

    HTML disabled but forum allows Javascript

    Hello,

    Our administrator found a potential security breach with vBulletin 3.8.7. Even though HTML code is disabled for messages, users can post Javascript code and the browser will interpret the Javascript code. We need to find a way to disable the insertion of Javascript code in messages. Any ideas?

    Thanks,
    Gabriel.
  • Zachery
    Former vBulletin Support
    • Jul 2002
    • 59097

    #2
    Are you sure HTML is disabled? What is this JavaScript code that is getting through? Do you have any third party addons or modifications?


    • Gabrielt
      Member
      • Apr 2007
      • 96
      • 3.6.x

      #3
      Hello,

      We found out that an advertisement script that is installed is the culprit. With this script installed, the JavaScript code is run; with it disabled, it isn't. So, it isn't a bug with vBulletin, but a bug with this particular advertisement script. I will contact the developer. Thank you for your attention.
