Notifications
Clear all

wpForo 1.x.x broken posts

28 Posts
6 Users
1 Likes
1,532 Views
exekutive
Posts: 42
Topic starter
(@exekutive)
Eminent Member
Joined: 2 years ago

I get a lot of broken posts like this

https://carkiller.com/scottykilmer/qa/is-this-tacoma-too-good-to-be-true/

Looks like posted HTML doesn't get sanitized

27 Replies
Robert
Posts: 9912
Admin
(@robert)
Support Team
Joined: 7 years ago

Your content is crashed. You've inserted incorrect content and crashed the HTML. You should edit the content and try to fix HTML code of your posts. In other words this is  a result of inaccurate data inserting, there is no any bug or problem from wpForo side, the problem comes from your crashed HTML code in the first post of this topic.

Related topics:

Please read my answers in the topic above and be careful when adding a copied content in the post editor.

BTW, when you're adding YouTube Video URL in the post, don't put it as link, make sure it's plain text URL, so just edit the first post and remove the link from YouTube URLs, just insert a URL.

 

Reply
5 Replies
exekutive
(@exekutive)
Joined: 2 years ago

Eminent Member
Posts: 42

@robert I have no control over what users post. This should have been caught by the software like all decent forum software does. I cannot click the edit button, or any other link or button on that page.

Reply
Robert
Admin
(@robert)
Joined: 7 years ago

Support Team
Posts: 9912

@exekutive,

nobody and nothing can control damaged HTML. There is no way to scan damaged HTML in the pot content. If somebody can suggest some code, we'll add it in wpForo for sure.

Reply
exekutive
(@exekutive)
Joined: 2 years ago

Eminent Member
Posts: 42

@robert you should. It's probably a security problem too if people can inject HTML

Reply
dimalifragis
(@dimalifragis)
Joined: 3 years ago

Noble Member
Posts: 1822

@exekutive Nope, it is sanitized. We are in 2021 and all that has been taken care of ages ago.

Just nobody can control stray html code with formating.

Reply
Robert
Admin
(@robert)
Joined: 7 years ago

Support Team
Posts: 9912

@exekutive,

There is no way to inject HTML by dangerous things. wpForo filters all dangerous HTML tags and JS codes, so you have nothing to worry here. The HTML injection is 100% secure, it's just a structural issue, nothing else.

Reply
exekutive
Posts: 42
Topic starter
(@exekutive)
Eminent Member
Joined: 2 years ago

Maybe it isn't dangerous, but it breaks the page and it's annoying.

There's no way to control what users post, and there's no way to edit the post so ... what's the solution ?

Reply
exekutive
Posts: 42
Topic starter
(@exekutive)
Eminent Member
Joined: 2 years ago

This is still happening and it's very annoying. There is no way to fix it or prevent it.

No other forum software I've used in 15 years does this.

This is a BUG.

Reply
1 Reply
Chris
Admin
(@chris)
Joined: 1 year ago

Support Team
Posts: 2385

Hi @exekutive,

We have tried to crush a post like it was in your forum by the wpForo default form/TinyMCE, but we couldn't reach that the form fixes the HTML before posting. Can you say what method has been used to create that post? Can it be a Cross Posting?

Also, what is the editor form set to, Visual Editor or Text Editor ?

Reply
exekutive
Posts: 42
Topic starter
(@exekutive)
Eminent Member
Joined: 2 years ago

Visual editor.

I think it happens when copy+pasting wpforo content. Specifically, if make a selection that includes a bunch of answers and comments, and the little user info panels.

Here's a recent example:

https://carkiller.com/scottykilmer/qa/2007-mazda-3-2-3l-manual-coolant-leak-what-could-be-the-cause/

 

The other time I've seen it happen is when people post Youtube videos or embeds. So there could be partial HTML or something.

 

Reply
10 Replies
Chris
Admin
(@chris)
Joined: 1 year ago

Support Team
Posts: 2385

@exekutive,

No results, we can not do that, I don't know how your user crush the Topics. The only solution is to manually remove them.

Reply
exekutive
(@exekutive)
Joined: 2 years ago

Eminent Member
Posts: 42
Posted by: @chris

@exekutive,

No results, we can not do that, I don't know how your user crush the Topics. The only solution is to manually remove them.

Maybe this helps:

If you go to the example I linked above and view the source, a couple of lines after the youtube iframe embed, there is malformed html tag:

 

<p>/p></p>

 

Reply
exekutive
(@exekutive)
Joined: 2 years ago

Eminent Member
Posts: 42

if you look at the source of the page in my original post, there is another open tag

 

<p>A"></p>
Reply
dimalifragis
(@dimalifragis)
Joined: 3 years ago

Noble Member
Posts: 1822

@exekutive Please go to one offending post or topic, go to the SOURCE ( {;} ) copy the CODE without touching it), zip it and attach it here.

I will take it and post it to my forum and see if it breaks anything.

Is that a safisfying solution for you?

Reply
exekutive
(@exekutive)
Joined: 2 years ago

Eminent Member
Posts: 42

@dimalifragis 

that is not a solution, nor satisfying.

Reply
Tutrix
(@tutrix)
Joined: 3 years ago

Noble Member
Posts: 827

@exekutive 

edit this post

https://carkiller.com/scottykilmer/postid/174958/

and change this part of code

<p <div="" class="wpf-embed" style="width: 480px; height:320px">

to this

<p> <div class="wpf-embed" style="width: 480px; height:320px">

 

Reply
exekutive
(@exekutive)
Joined: 2 years ago

Eminent Member
Posts: 42

@tutrix the edit button doesn't do anything

Reply
Tutrix
(@tutrix)
Joined: 3 years ago

Noble Member
Posts: 827

@exekutive 

then edit the post in the database 😉 
https://www.screencast.com/t/IrbulhWdaF

Reply
exekutive
(@exekutive)
Joined: 2 years ago

Eminent Member
Posts: 42

@tutrix I shouldn't need to do that.

Reply
Tutrix
(@tutrix)
Joined: 3 years ago

Noble Member
Posts: 827
Posted by: @exekutive

@tutrix I shouldn't need to do that.

Well if you don't want to change anything then leave it as it is

Reply
Page 1 / 2