Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

More severe skin issue / bug : non escaped stuff in ALT tags

Submitted Weppa333 , Apr 11 2012 04:52 AM | Last updated Dec 18 2012 07:51 PM

Maybe an international bug, but on my board there is a problem with the escaping of ALT tags put in board index and forum index
The alt tags attached to mini avatars, sometimes used as a title tags for links to profiles, is not escaped properly

Especially, single quotes are not escaped, breaking the entire HTML parsing in braindead browsers ( better browsers just ignore and continue, leaving a false sense of valid html)

AFAICS, these alt tags are not espaced AT ALL and I believe it's more a bug than a skin issue.

Status:	Cannot Reproduce
Version:	0
Fixed In:	0

13 Comments

Weppa333

Apr 11 2012 04:55 AM

Wasn't able to reproduce on this board. (in test forum). Escaped properly here.
.
So it's either fixed in 3.3.1, an internationalisation bug (your board has a different locale than mine) or my board is a piece of faeces configured by a moron (who knows

)

Weppa333

Apr 11 2012 04:58 AM

nah, even my board in unaffected with new topics
This is a more tricky bug than I thought

Seems it probably affects "last topics" generated BY THE BOARD ITSELF ( rebuild, recount, imports ?)

If the last topic is something a human recently posted, this bug doesn't appear or so it seems.

Weppa333

Apr 11 2012 05:04 AM

On my baord, even forum TITLES are affected; they are more than not escaped, they are broken after the first ' in the TITLE tag.

Basically, everything with a ' is going havok.

Weppa333

Apr 11 2012 05:09 AM

and this is not an importer issue ; if I rename a thread with this bug (containing " or ' ) the bug remains after renaming, it's iether "cutting" the string at the first ' or putting unescaped " in the title tags.

Same for other chars I guess, but the most critical are " and ' because they sometimes break the parser, depends on the context.

Weppa333

Apr 11 2012 05:11 AM

Yepie-kay mf ! Your board is affected too

http://community.inv...sting-messages/

Playing with this, I could do some serious trouble to this board, I won't enter details.

I suggest publishing a quickfix for 3.3.0 users. :sweat:

pretty please Matt

Matt

Apr 11 2012 05:14 AM

Are you sure?

Posted Image

Weppa333

Apr 11 2012 05:14 AM

Best fix would be for Matt to patch the recount&rebuild forum info/threads to be able to clean to entire forum of possible... Stuff that might already be in there. Otherwise, a simple fix for new threads wouldn't be a much help to fix html parsing issues.

I leave this to the professionnals, I talked to myself enough for today.

Matt

Apr 11 2012 05:15 AM

If you're looking with a browser's inspector tool, it will convert HTML entities in the debug display.

Posted Image

Weppa333

Apr 11 2012 05:19 AM

it's difficult for me to reproduce the "string cutting bug at the first ' " here because of the different locale between your board and my browser;

I'll try to reproduce the "title string cutted at first ' " instead of the escaping problem, otherwise it's too complicated to visualise on my browser. I'll post an update when I suceed CUTTING an ALT/ title string with a single quote over here.

Weppa333

Apr 11 2012 05:26 AM

before I ruin my own board (which has a lot of posts) with a test, if you've got a test install on your side, would you please test inserting single quotes in thread topics, then do a rebuild/recount of threads ?

I cannot see another explanation atm.

Weppa333

Apr 11 2012 05:27 AM

it's actually a recound rebuild of threads and last forum info.

Matt

Apr 11 2012 07:09 AM

This is a convertor issue. IPB encodes single and double quotes before they are entered into the database.

Mikey B

Dec 18 2012 07:51 PM

Updating Fixed In to: 0
Updating Status to: Cannot Reproduce
Updating Version to: 0

-

More severe skin issue / bug : non escaped stuff in ALT tags

13 Comments

Sign In