Administrator Tarun Posted March 13, 2008 Administrator Posted March 13, 2008 A fix has been applied to help with BBCode and DST bugs. Nesting custom bbcode in an improper fashion can result in the final HTML result of the bbcode being broken, and subsequently unwanted HTML injected into the tag. If used in specific fashions, a person could inject javascript event handlers into the final result. Additionally, we have added an "allowscriptaccess" parameter to flash movies parsed in IPB to prevent flash movies and avatars from having javascript access. These issues are mitigated due to the use of httpOnly cookies in IP.Board which limits the direct impact. Additionally, we have patched a recent bug with the automated DST checking in IPB that has surfaced since the recent DST changeover. If you have any issues please check your settings in your My Controls section and then post here. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.