Jump to content

DST Bug Fix and Security Enhancements

Tarun
 Share

Recommended Posts

  • Administrator
Tarun Grand Master

Tarun

Posted
  • Administrator
Posted

A fix has been applied to help with BBCode and DST bugs.

Nesting custom bbcode in an improper fashion can result in the final HTML result of the bbcode being broken, and subsequently unwanted HTML injected into the tag. If used in specific fashions, a person could inject javascript event handlers into the final result. Additionally, we have added an "allowscriptaccess" parameter to flash movies parsed in IPB to prevent flash movies and avatars from having javascript access. These issues are mitigated due to the use of httpOnly cookies in IP.Board which limits the direct impact.

Additionally, we have patched a recent bug with the automated DST checking in IPB that has surfaced since the recent DST changeover.

If you have any issues please check your settings in your My Controls section and then post here.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...