Spoiler tags revisited
This javascript in the href allows cookie stealing of the gamedev.net users,<br>thats not so good ^^<br>
Well hodgman just solved our problem (and made me a little more interested in javascript). So you know the drill, give him your love (love = points)!<br><br>And hodgman... I'm blinded by your awesomeness.<br><br>edit: I'm not going to name names but... THAT is how you participate in a thread [wink]
Quote:Original post by marcjulian
This javascript in the href allows cookie stealing of the gamedev.net users,<br>thats not so good ^^<!--QUOTE--></td></tr></table></BLOCKQUOTE><!--/QUOTE--><!--ENDQUOTE--><br>I agree. While the insertion of arbitrary javascript can do cool things it also allows for XSS attacks.
Well I'll have to agree that the coolness of such code does not outweigh the security of the site (though... i kinda wish it did). But I used Hodgman's code in a non-Lounge thread with success.
So Superpig, do you want us to not use that code ever again?
So Superpig, do you want us to not use that code ever again?
This has wowed and scared me at the same time.
If Gamedev ever puts the login form (user and password) at the top toolbar, goodbye passwords. Even now the "Login" link can be changed to a phished site. This is really really bad.
If Gamedev ever puts the login form (user and password) at the top toolbar, goodbye passwords. Even now the "Login" link can be changed to a phished site. This is really really bad.
That is pretty cool haha.
Though I think there is an easier solution, that might be a bit easier and not any security threats.
Create custom [ spoiler ] [ /spoiler ] tags, much like the source and code tags that are already available. Then when a person uses them, use the forum software to change it to something like so:
Then use the CSS headers for the different themes to specify the appearance for them. Just use the color and background-color properties, and set them to the same so that it cannot be read unless highlighted. You could also make the spoiler text a dead link, so you can use the .spoiler:hover psuedo-class. That way you can have it set the text color to a contrasted color to make it readable. You could also get fancy and add a border around the spoiler text, with a caption on the top saying that it was spoiler text.
Edit: Oh I guess that was already mentioned, hadn't read the other thread yet, assumed it was the one that had the spoiler in it that didn't work as planned.
Though I think there is an easier solution, that might be a bit easier and not any security threats.
Create custom [ spoiler ] [ /spoiler ] tags, much like the source and code tags that are already available. Then when a person uses them, use the forum software to change it to something like so:
<span class="spoiler">Spoiler Text Goes Here!</span>Then use the CSS headers for the different themes to specify the appearance for them. Just use the color and background-color properties, and set them to the same so that it cannot be read unless highlighted. You could also make the spoiler text a dead link, so you can use the .spoiler:hover psuedo-class. That way you can have it set the text color to a contrasted color to make it readable. You could also get fancy and add a border around the spoiler text, with a caption on the top saying that it was spoiler text.
Edit: Oh I guess that was already mentioned, hadn't read the other thread yet, assumed it was the one that had the spoiler in it that didn't work as planned.
Quote:Original post by Oluseyi
A [spoiler] tag of some sort is in the spec for the next version of the site.
...which will be rolling out in 2020 ;)
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
