Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product

In this Discussion

Ready to contribute?

Amazing! Sign our contributors' agreement and then join us on GitHub.

Update for critical security issue in PHPMailer included in release Vanilla 2.3.1

Links - Best Practice w/ Embeded Forum

donovanbdonovanb New
edited June 13 in Vanilla 2.3 Help

Hello!

Okay, I have a question about allowing links when using the embed feature. The main issue is that, if not correctly entered, links can embed entire forum site into the iFrame, perhaps endlessly.

I have allowed HTML and Markdown... so I can do links like:
[here ](/forum#/categories/editor "here ")
or
<a href="http://www.yourdomain.com/subscribe" class="btn btn-link" >LINK</a>
or
<a href="/forum#/categories/member-off-topic" class="btn btn-link" target="_parent">here</a>

So, for example, this link:
<a href="/forum#/categories/member-off-topic" >here</a>

Will embed the entire site. Changing the above to:
<a href="/forum#/categories/member-off-topic" target="_parent">here</a>

will correct the link to parent... however, then any links to that page also have to call parent in order to work.

Instead, all calls could be hard coded:
<a href="http://www.yourdomain.com/subscribe" >LINK</a>

This "fixes" any embed issues... but what if you have a dev site that you practice with.. dev.yourdomain.com.. then it's annoying to hard code links because none of them work when in dev.

What's your guys solution for this problem.. I want to make it easy for users to add links in their posts that just simply work and don't cause problems. The only thing I have come up with that seems reliable is to require the FQDN in links. They won't work in Dev, but maybe that is Okay.

Thanks!
Donovan

Comments

Sign In or Register to comment.