|
By: anonymous
Date: 2005-06-09
Time: 23:40
|
TBS Breaks JavaScript Forms and Possibly Arrays
Thank you for you great app.
I have a javascript that has a line like:
... if (document.forms[0] ...
well, TBS replaces the first [ with the html equivalent [ (& # 9 1 ; without the spaces)
as indicated in the tbs.class.php code starting at line 1043
TBS should not break anything in the original html/php/etc. pages, but it does. In the meantime I commented out all the code between lines 1044 and 1050.
If all the tags in the templates start with [var. why not just use that to trigger the 'TBS protection'? Any ideas?
Thanks in advance.
|
|
By: anonymous
Date: 2005-06-09
Time: 23:50
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
The code commented out is from 1044 and 1051 inclusive and not between 1044 and 1050. Sorry about that.
One more thing is that JavaScript arrays with the [ ] are used a lot in many web applications thus having the [ and ] in the pages/code to merge in the templates is not such an uncommon thing in web sites.
Thx.
|
|
By: Pirjo Posio
Date: 2005-06-10
Time: 00:24
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
Hi,
See in this forum's "Your tips& tricks" section the message Skrol29 has written about 3 dependent selects, where he uses JavaScript. Maybe that helps you. I suppose the trick is to use parameter htmlconv=js.
|
|
By: Skrol29
Date: 2005-06-10
Time: 03:19
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
Hello,
By default, TBS protects all data that comes from outside the template.
Protecting "[var" is not enougth, "[onshow" and "[onload" are also automatically processed. But that's not all. Knowing the template, a malicious user can enter data with fieds of a knowed block.
You can avoid the TBS protection for each TBS fields you want.
All the template is not TBS protected. Only TBS fields. I use Javascript a lot, and I rarely need to explicitely unprotect TBS tags.
|
|
By: anonymous
Date: 2005-06-10
Time: 03:45
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
Thank you very much for your replies.
I checked the forum posting as suggested.
I have a TBS tag in the body of the template of the form:
[var.content;script=[val];getob]
I tried:
[var.content;script=[val];getob;htmlconv=no]
[var.content;script=[val];getob;htmlconv=js]
[var.content;script=[val];getob;htmlconv=no+js]
[var.content;script=[val];htmlconv=no+js;getob]
which did not work.
Now,
[var.content;script=[val];htmlconv=no+js]
or
[var.content;script=[val];htmlconv=js]
do solve the problem of replacing the [ character for its html counterpart; however the absence of getob causes the page to appear messed up; the var.content php script output appears before anything else in the page.
Any ideas?
Thx.
|
|
By: Skrol29
Date: 2005-06-10
Time: 10:02
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
What is your TBS version ?
|
|
By: anonymous
Date: 2005-06-10
Time: 14:28
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
I got:
Version: 2.01 for PHP >= 4.0.6
Date: 2005-01-03
Thx.
|
|
By: Skrol29
Date: 2005-06-10
Time: 14:39
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
A bug has been fixed inversion 2.02 about TBS protection and parameter script.
Before v 2.02, TBS protection was activated on fields that use parameter 'script'. It was a bug, because such tags cannot contain unwanted data.
So I suggest that you simply use the last version (now 2.02.3) and your problem will go away without even using 'htmlconv'.
|
|
By: anonymous
Date: 2005-06-10
Time: 19:07
|
Re: TBS Breaks JavaScript Forms and Possibly Arrays
Thank you very much.
TBS rules!
|
|
Posting in progress.
Please wait...
|