HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

I cannot post javascript code in discussion

ThomasHoiThomasHoi New
edited July 2014 in Vanilla 2.0 - 2.8

Hi all,

I'm using Vanilla version 2.0.18.8, activated "allow raw format" plugin. I posted a javascript code that should show a form but it didn't even though the preview mode shows the form.

However, the form does work in the comments.

This is the page I'm talking about -> http://interiordesignsingapore.com/forums/discussion/346/hdb-3-room-blk-729-clementi-west

Anyone here can show me how to make the form show up in the discussion post?

Thanks.

Best Answers

Answers

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    Great design ! May I ask why you are not using the most recent Vanilla version 2.1 Stable?
    I see the form using a Mac and Safari browser

    peregrine
  • @vrijvlinder said:
    Great design ! May I ask why you are not using the most recent Vanilla version 2.1 Stable?
    I see the form using a Mac and Safari browser

    I'm still testing the plugins and will be upgrading soon. Do you think 2.1 stable will allow javascript code in the discussion post?

    Thanks.

  • peregrineperegrine MVP
    edited July 2014

    If you want to make your forum prone to xss and allow users to post js in the body of a post to take control of your site, you can do that in 2.1 as well. not sure if I would recommend it though.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

    vrijvlinder
  • vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited July 2014

    You should actually put the code inside a message box or a module so it shows in every page and you don't risk opening your site to exploits

    In the dashboard go to messages and select new message a form opens put code in there select panel or content and save

    Unless various people have a form for each design ? In that case I would add the forms per category, each designer is a category that way you can discriminate who has what form.

    Allowing js from people in the comments is risky. They can hijack the form.Insert malicious scripts without knowing.

    peregrine
  • peregrineperegrine MVP
    edited July 2014

    you could use discussionpolls as a guide to implementing your form within posts, it is far safer, than to allow users to post js in the body of a comment.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

    vrijvlinder
  • Thanks for all the suggestions. The problem is I need to have a different form for different designer. Currently, I have 10 designers and they will each have their own form to collect leads.

    I'm thinking of using pockets for the javascript code and then use conditions to show the pockets.

    For example, if the discussion is started by "9 Degree", then show the pocket (form for 9 degree) in the discussion.

    Do you think this is possible?

  • By the way, how do i disable javascript code in comments?

Sign In or Register to comment.