HTML abuse in PMs
Earlier today I received a few PMs with download links embedded in <img> HTML tags.
The links were to Linux ISOs which were about 4GB each, and Graal tried to automatically download the files when I opened the PM. I'm concerned because somebody could use the same method to link to more malicious files, and Graal no longer has an option to disable HTML in PMs. |
I just heard about this, myself. Even if we had an option to "disable HTML" implemented, now, people who choose not to disable it would be still prone. It wasn't so fun even getting PMs of ACTUAL images, at times, when the image itself was bigger than the PM window. Maybe HTML tags such as IMG need to be entirely removed.
|
I like images in HTMLs.
Lucas has been hosting a lot of cool events on Era making excellent use of images in PMs to describe the event and such. ISO is technically an image format though, except it's an image of an executable so it's not really safe. If there were some way to limit the img tags to gifs, pngs & jpgs, and maybe even a filesize or image dimensions limit, that'd be nice. |
Yes will add a filter to only allow local server files in img tags.
|
Quote:
|
Quote:
Stefan, I think you should limit external links to ones with no extension, .html, .htm and maybe .php or .phtml. Edit: And images, of course :o! |
Quote:
|
Afaik, ISO files will NOT execute on their own, ever. I dont know of any program that auto opens them when you download them, and as long as you dont open it, who cares. Just delete it.
And Stefan, making it so only local images can be displayed with IMG tags kinda defeats the purpose of it. How about making a serveroption for "trusted domains" that staff could alter? Sorta like... trusteddomains=imageshack.com,photobucket.com,graa lonline.com And so fourth. Just throwing it out there.. |
Quote:
|
Haha Linux pride!
Anyhoo, perhaps just filter out remote files > 2mb (screw BMPs) and to .jpg, .gif and .png. |
Quote:
Quote:
On the other hand, it's possible to append large files onto a jpg image and <img> tag them. |
1 Attachment(s)
You know, PM windows could be so much better. Going a little off topic, but I think PM's would be much better if they used something like BB Code along side a WYSIWYG or standard editor. The current features are pretty hidden, and not everyone knows you can embed images, but why? There probably should be a smileys menu instead of relying on going to the forums, and there should be a list of features somewhere.
Hmm.. heres a quick example mockup.. |
Nice ;)
|
Quote:
Quote:
|
Would be interesting if someone could script that, may be for the start add some "<b>" tags and similar.
For filtering it will allow the npcserver to send any tags, but filter the PMs of players to not allow urls, only local server files. |
All times are GMT +2. The time now is 05:18 PM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.