Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Javascript in bbcode

 
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi guys.
I'm trying to add new bbcode for spoiler. According to this page I modified bb-config.xml adding this:
 
Tom Waw
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Unfortunetly pressed submit before finishing my post Sorry.
I also tried this one:

<match name="spoiler">
       <regex>(?s)\[spoiler\](.*?)\[/spoiler\]</regex>
       <replace>
       <![CDATA[
<div style="margin-bottom: 2px;">
   <b>Hidden text. </b>

   <input value="Show" type="button" style="margin: 0px; padding: 0px; width: 60px; font-size: 10px;"
          onclick="
                  if (this.parentNode.getElementsByTagName('div')[1].style.display != 'inline') {
                      this.parentNode.getElementsByTagName('div')[1].style.display = 'inline';
                      this.value = 'Hide';
                  } else {
                      this.parentNode.getElementsByTagName('div')[1].style.display = 'none';
                      this.value = 'Show';
                  }">

   <div style="border: 1px inset; padding: 6px; margin-top: 3px;">
       <div style="display: none;">{TEXT}</div>
   </div>
</div>

Everything shows correctly except onclick param.  Input doesn't have it. Should I add something somewhere else?
 
Saloon Keeper
Posts: 7627
177
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's tricky. JForum disallows the injection on JavaScript handlers on a code level (in the SafeHtml class, in case you're curious.) How about something like this:


On an unrelated subject: you are using the latest JForum version from SourceForge, yes? The original version from jforum.net has multiple security holes (and other bugs) that will never be fixed.
 
Tom Waw
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm using JForum ver. 2.4.1.

Thanks for reply but this isn't what I need. I wanted hide large amount of text in this tag e.g. change notes. So yeah it will be hide but still takes a lot of space :P

In one topic I found something like "attributes.welcome" (not really remember exaclty name ) for html. How about adding there "onclick" value?
 
Tim Moores
Saloon Keeper
Posts: 7627
177
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That would work for other attributes, but the code that removes Javascript handlers takes precedence over that setting.
 
Tom Waw
Greenhorn
Posts: 5
1
Android IntelliJ IDE Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Tim for advice. I did some customisation and posted changes if someone needs this too.

To bb_config.xml add following lines:

Note: in my code input is as one line. Here I broke line few times.

In SafeHtml added:



and added some unit test to cover changes (SafeHtmlTest)


I know that the js section is very ugly xD
hf
 
author & internet detective
Posts: 41967
911
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for sharing your code!
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic