• Post Reply Bookmark Topic Watch Topic
  • New Topic

Javascript in bbcode  RSS feed

 
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi guys.
I'm trying to add new bbcode for spoiler. According to this page I modified bb-config.xml adding this:
 
Tom Waw
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unfortunetly pressed submit before finishing my post Sorry.
I also tried this one:

<match name="spoiler">
        <regex>(?s)\[spoiler\](.*?)\[/spoiler\]</regex>
        <replace>
        <![CDATA[
<div style="margin-bottom: 2px;">
    <b>Hidden text. </b>

    <input value="Show" type="button" style="margin: 0px; padding: 0px; width: 60px; font-size: 10px;"
           onclick="
                   if (this.parentNode.getElementsByTagName('div')[1].style.display != 'inline') {
                       this.parentNode.getElementsByTagName('div')[1].style.display = 'inline';
                       this.value = 'Hide';
                   } else {
                       this.parentNode.getElementsByTagName('div')[1].style.display = 'none';
                       this.value = 'Show';
                   }">

    <div style="border: 1px inset; padding: 6px; margin-top: 3px;">
        <div style="display: none;">{TEXT}</div>
    </div>
</div>

Everything shows correctly except onclick param.  Input doesn't have it. Should I add something somewhere else?
 
Saloon Keeper
Posts: 4089
98
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's tricky. JForum disallows the injection on JavaScript handlers on a code level (in the SafeHtml class, in case you're curious.) How about something like this:


On an unrelated subject: you are using the latest JForum version from SourceForge, yes? The original version from jforum.net has multiple security holes (and other bugs) that will never be fixed.
 
Tom Waw
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm using JForum ver. 2.4.1.

Thanks for reply but this isn't what I need. I wanted hide large amount of text in this tag e.g. change notes. So yeah it will be hide but still takes a lot of space :P

In one topic I found something like "attributes.welcome" (not really remember exaclty name ) for html. How about adding there "onclick" value?
 
Tim Moores
Saloon Keeper
Posts: 4089
98
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That would work for other attributes, but the code that removes Javascript handlers takes precedence over that setting.
 
Tom Waw
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Tim for advice. I did some customisation and posted changes if someone needs this too.

To bb_config.xml add following lines:

Note: in my code input is as one line. Here I broke line few times.

In SafeHtml added:



and added some unit test to cover changes (SafeHtmlTest)


I know that the js section is very ugly xD
hf
 
author & internet detective
Marshal
Posts: 37698
575
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for sharing your code!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!