Supported HTML tags error message
17/04/2015 04:35:23
General information
Forum: Level Extreme
Category: Other
Miscellaneous
Thread ID: 01618573
Message ID: 01618609
Views: 55

>How is that a problem here? Your previous message doesn't render with any active content...

I was just fixing this up. Actually looks like Michel has fixed a lot of them now (used to be able to get ANY tag to work just by putting spaces between the brackets).

But the following vulnerability still exists:

Click here for cross Site Scripting Exposure here

It'll pop up an alert box, but this can be used to get people to click and capture, say, your cookie here. But at least the drive-by XSS attacks look like they are addressed now.

+++ Rick ---
>
>>There are actually huge security holes here. You can pretty much add any attribute if you leave spaces between the brackets.
>>
>>< script >alert('Gotcha')< /script >
>>
>>test
>>
>>+++ Rick ---
>>
>>>If you try to preview or save a message with an unsupported HTML tag you get an error message. The message lists the tags that are supported, but that list is incomplete.
>>>
>>>For example, the Superscript tag is supported.
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
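
Added example (not part of the thread and not Level Extreme's code): an escape-first allowlist filter, which is not affected by the spacing trick described above because nothing is rendered as markup unless it matches an exact allowlisted form. The tag list beyond superscript, the function names, and the assumption that the click-to-run payload sits in a link's `href` are illustrative and not taken from the post.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed allowlist: the thread only confirms that superscript is supported.
ALLOWED_TAGS = {"b", "i", "u", "sup", "sub"}
ALLOWED_SCHEMES = {"http", "https"}

# Both patterns run on already-escaped text, so only the exact forms
# "<tag>", "</tag>" and <a href="...">...</a> can ever be turned back into markup.
SIMPLE_TAG = re.compile(r"&lt;(/?)([a-z]+)&gt;")
LINK = re.compile(r"&lt;a href=&quot;(.*?)&quot;&gt;(.*?)&lt;/a&gt;", re.S)


def clean_url(escaped_url):
    """Return the URL if it is absolute http(s), else None."""
    url = html.unescape(escaped_url)
    # Drop whitespace and control characters before reading the scheme,
    # so the scheme is judged on the compacted string that is emitted.
    url = "".join(ch for ch in url if ch > " ")
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:
        return None
    return url if scheme in ALLOWED_SCHEMES else None


def restore_tag(match):
    slash, name = match.groups()
    return f"<{slash}{name}>" if name in ALLOWED_TAGS else match.group(0)


def restore_link(match):
    url = clean_url(match.group(1))
    if url is None:
        return match.group(0)  # stays escaped and renders as literal text
    return f'<a href="{html.escape(url)}" rel="nofollow noopener">{match.group(2)}</a>'


def sanitize(message):
    """Escape everything, then re-enable only exact allowlisted markup."""
    escaped = html.escape(message, quote=True)
    return LINK.sub(restore_link, SIMPLE_TAG.sub(restore_tag, escaped))
```

Rejected markup is not stripped; it is left escaped, so the poster sees exactly what was typed and no partial tag survives.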