Author |
Topic |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 21 July 2009 : 23:41:07
|
Does anyone know if the ChkString Function can be used to filter out malicious javascript found in CSS? What I want to do is pass CSS in a querystring.
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 22 July 2009 : 05:12:52
|
Can you provide a bit more detail on what you're doing exactly?
|
Search is your friend “I was having a mildly paranoid day, mostly due to the fact that the mad priest lady from over the river had taken to nailing weasels to my front door again.” |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 22 July 2009 : 07:54:33
|
Ah, sure!
I am modding the Syndicated Links MOD to be able to CSS the text output. The way that mod works is it passes a querystring to the syndicate.asp file which in turn creates the output for the links. I want to chkstring the values for the querystring as they are transiting from Request.Form and then being passed as a url and then being caught again as a querystring to be placed into the generated HTML output.
Thanks for the help, Shaggy!
|
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 22 July 2009 : 08:04:33
|
Below are the txt files for the two files in question. Note that they are currently set up and working on MS Access. I have been working on that database type for Andy Humm, but there is some MS SQL code in there as well. When I get some other things ironed out, I'll get back to the MS SQL code.
setupLinks.txt
syndicate.txt
|
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 22 July 2009 : 08:13:17
|
Oh, and also, I started out by helping Andy with a question on this MOD regarding events, so if you don't have the events mod installed on your test forum there might be some errors. If you have the poll mod on your test forums, kindly create the setting strPolls = 0 at the top of the two files. I added some functionality for the poll mod, but I am not at the point of finding the problems with that just yet. First, I will get Andy taken care of, and then I can move on with the poll mod. |
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 22 July 2009 : 08:18:12
|
I don't know if strDBType = "access" will fake out a MS SQL or MySQL db into accepting MS ACCESS SQL. If it will, then put that at the top of the syndicate.txt file.
I am sure you know to convert the .txt to .asp on the file extensions, but for anyone reading this who doesn't know, that is what you have to do to get the files to work in your forums.
Etymon
|
|
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 22 July 2009 : 08:22:46
|
Also, a final stage to this MOD will be the option to save the form parameters to a table in setupLinks.asp and then from the table call out the parameters from syndicate.asp.
It will work a lot like a link shrinker, and hopefully people won't be able to randomly throw their own code into a syndicate.asp? querystring. There's a lot more I have to do before getting there, and it may just be in the next version. But if I can pass CSS attributes that way and not the way that I am asking about in the files above, then I'll have to wait and add the save feature to this version. I hope that makes sense to you.
Here's an example:
Instead of having syndicate code to paste somewhere into your other code that looks something like this:
<script type="text/javascript" src="http://yourdomain/yourforum/syndicate.asp?type=events_only&method=last_post&results=10&age=300&cid=1&fid=2&hy=after_dates&hys=y&csshysc=font-size:8pt;font-family:Verdana,Arial,Helvetica;&csshysr=font-size:8pt;font-family:Verdana,Arial,Helvetica;&b=y&bt=css&ccsbt=circle&ccsbp=inside&ccsbpu= &ccsbpf=font-size:8pt;font-family:Verdana,Arial,Helvetica;&lr=y&re=y&cssfsubject=font-size:8pt;font-family:Verdana,Arial,Helvetica;&cssfont=font-size:10pt;font-family:Verdana,Arial,Helvetica;&cssanchor=text-decoration:none;font-family:Verdana,Arial,Helvetica;&cssreplycount=font-size:8pt;font-family:Verdana,Arial,Helvetica;&cssviewcount=font-size:8pt;font-family:Verdana,Arial,Helvetica;&csslpd=font-size:8pt;font-family:Verdana,Arial,Helvetica;&hyss=0&res=3&vis=0&si=y&pf=y"></script>
The syndicate code could look something like this:
<script type="text/javascript" src="http://yourdomain/yourforum/syndicate.asp?link=newname"></script>
What this does is allow the forum admin to apply previous settings from a drop down list or make a new name that is "short and memorable" instead of having to redo all of the settings just to make a minor change from memory or from looking at the URL of some other syndicated link setup.
Also, he can use his own easy-to-remember naming conventions for each of his own different types of settings such as some for polls, some for events, some for topics, and some for everything. |
Edited by - Etymon on 22 July 2009 08:38:38 |
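An added example, not part of the thread and not code from Snitz or the Syndicated Links MOD: one way to hold querystring CSS such as the cssfont value in the URL above to an allowlist of properties and value patterns before it is written into the generated HTML. The names SafeCss and cssRules, the three permitted properties and the sample input are assumptions taken from or constructed around that URL; the code does not use or describe ChkString.

```vbscript
' Allowlist (assumed for this example): property name -> pattern that the
' entire value must match. Any property not listed here is dropped.
Dim cssRules
Set cssRules = CreateObject("Scripting.Dictionary")
cssRules.Add "font-size", "^\d{1,3}(pt|px|em|%)$"
cssRules.Add "font-family", "^[a-z][a-z \-]*(,[a-z][a-z \-]*)*$"
cssRules.Add "text-decoration", "^(none|underline|overline|line-through)$"

' Returns only the declarations from raw that pass the allowlist, rebuilt
' as "property:value;" pairs. Nothing from a rejected declaration is copied.
Function SafeCss(raw)
    Dim re, parts, part, pos, prop, val, out
    Set re = New RegExp
    re.IgnoreCase = True
    out = ""
    ' "" & raw coerces Null, Empty or a Request collection item to a string
    parts = Split("" & raw, ";")
    For Each part In parts
        pos = InStr(part, ":")
        If pos > 1 Then
            prop = LCase(Trim(Left(part, pos - 1)))
            val = Trim(Mid(part, pos + 1))
            If cssRules.Exists(prop) Then
                re.Pattern = cssRules(prop)
                ' Parentheses, quotes, angle brackets, colons and backslashes
                ' cannot match any pattern above, so values carrying
                ' url(...), expression(...) or markup never get through.
                If re.Test(val) Then out = out & prop & ":" & val & ";"
            End If
        End If
    Next
    SafeCss = out
End Function

' Constructed sample input: two declarations in the style of the URL above,
' one unlisted property, and one value with characters outside its pattern.
Dim sample
sample = "font-size:8pt;font-family:Verdana,Arial,Helvetica;" & _
         "background:url(x);text-decoration:none"">x"

' Runs under cscript; inside an .asp page use Response.Write instead, e.g.
' Response.Write SafeCss(Request.QueryString("cssfont"))
WScript.Echo SafeCss(sample)
```

The same function can validate the values when they are saved from the settings form, so that a stored "link=newname" entry only ever contains declarations that passed the allowlist.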
|
|
|