[Tiki-devel] The return of agent <x>(in 17x) !

[Tiki-devel] The return of agent <x>(in 17x) !

Bernard Sfez-3
Hi,

From a fresh 17x, when I write "monkey" in a wiki page (wiki syntax) and reopen to edit, it turns out to be "mon<x>key".


Bernard Sfez | bsfez.com


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel

Re: [Tiki-devel] The return of agent <x>(in 17x) !

Nelson Ko-3
I came across this. This is due to our XSS filter which has as part of the blacklist "onkey", so monkey and donkey get caught as well. Didn't get far in fixing it... sorry.

On Sun, Jul 2, 2017 at 7:32 AM, Bernard Sfez <[hidden email]> wrote:
Hi,

From a fresh 17x, when I write "monkey" in a wiki page (wiki syntax) and reopen to edit, it turns out to be "mon<x>key".


Bernard Sfez | bsfez.com



Re: [Tiki-devel] The return of agent <x>(in 17x) !

lindon-4
Tiki 16 has the same filter but not the same bug.

On Jul 2, 2017, at 10:20 AM, Nelson Ko <[hidden email]> wrote:

I came across this. This is due to our XSS filter which has as part of the blacklist "onkey", so monkey and donkey get caught as well. Didn't get far in fixing it... sorry.

On Sun, Jul 2, 2017 at 7:32 AM, Bernard Sfez <[hidden email]> wrote:
Hi,

From a fresh 17x, when I write "monkey" in a wiki page (wiki syntax) and reopen to edit, it turns out to be "mon<x>key".


Bernard Sfez | bsfez.com



Re: [Tiki-devel] The return of agent <x>(in 17x) !

Dr. Sassafras
This is to filter the onkey events. It should probably be replaced with:
  1. onkeydown
  2. onkeypress
  3. onkeyup
I thought those blacklisted words were only supposed to be checked within HTML attributes... could this be part of a larger issue?

Brendan

On Jul 2, 2017, at 10:23 AM, lindon <[hidden email]> wrote:

Tiki 16 has the same filter but not the same bug.

On Jul 2, 2017, at 10:20 AM, Nelson Ko <[hidden email]> wrote:

I came across this. This is due to our XSS filter which has as part of the blacklist "onkey", so monkey and donkey get caught as well. Didn't get far in fixing it... sorry.

On Sun, Jul 2, 2017 at 7:32 AM, Bernard Sfez <[hidden email]> wrote:
Hi,

From a fresh 17x, when I write "monkey" in a wiki page (wiki syntax) and reopen to edit, it turns out to be "mon<x>key".


Bernard Sfez | bsfez.com



Re: [Tiki-devel] The return of agent <x>(in 17x) !

luciash d' being
In reply to this post by Bernard Sfez-3

:D


On 2.7.2017 13:32, Bernard Sfez wrote:
Hi,

From a fresh 17x, when I write "monkey" in a wiki page (wiki syntax) and reopen to edit, it turns out to be "mon<x>key".


Bernard Sfez | bsfez.com




Re: [Tiki-devel] The return of agent <x>(in 17x) !

Cloutier, Philippe (DGARI-Consultant)
In reply to this post by Dr. Sassafras

Ah, our fonkey filters… apologies for the fonkey formatting below.

 

From: Dr. Sassafras [mailto:[hidden email]]
Sent: July 2, 2017 10:33
To: Tiki developers <[hidden email]>
Subject: Re: [Tiki-devel] The return of agent <x>(in 17x) !

 

This is to filter the onkey events. It should probably be replaced with:

  1. onkeydown
  2. onkeypress
  3. onkeyup

[Philippe Cloutier] Right

I thought those blacklisted words were only supposed to be checked within HTML attributes... could this be part of a larger issue?

[Philippe Cloutier] The filters don’t know where the parameters will be output. Their behavior for a parameter just depends on how filtering for that parameter was configured.


Brendan


On Jul 2, 2017, at 10:23 AM, lindon <[hidden email]> wrote:

Tiki 16 has the same filter but not the same bug.

 

On Jul 2, 2017, at 10:20 AM, Nelson Ko <[hidden email]> wrote:

 

I came across this. This is due to our XSS filter which has as part of the blacklist "onkey", so monkey and donkey get caught as well. Didn't get far in fixing it... sorry.

 

On Sun, Jul 2, 2017 at 7:32 AM, Bernard Sfez <[hidden email]> wrote:

Hi,

 

From a fresh 17x, when I write "monkey" in a wiki page (wiki syntax) and reopen to edit, it turns out to be "mon<x>key".

 

 

Bernard Sfez | bsfez.com

 



Re: [Tiki-devel] The return of agent <x>(in 17x) !

luciash d' being

Fonkey :D Ha ha, good one, Philippe! :) Why do you use such fonkey formatting btw? No option to use a different e-mail client or write from Gmail at your workplace? :-p

luci


On 3.7.2017 16:27, Cloutier, Philippe (DGARI-Consultant) wrote:

Ah, our fonkey filters… apologies for the fonkey formatting below.

 

From: Dr. Sassafras [[hidden email]]
Sent: July 2, 2017 10:33
To: Tiki developers [hidden email]
Subject: Re: [Tiki-devel] The return of agent <x>(in 17x) !

 

This is to filter the onkey events. It should probably be replaced with:

  1. onkeydown
  2. onkeypress
  3. onkeyup

[Philippe Cloutier] Right

I thought those blacklisted words were only supposed to be checked within HTML attributes... could this be part of a larger issue?

[Philippe Cloutier] The filters don’t know where the parameters will be output. Their behavior for a parameter just depends on how filtering for that parameter was configured.


Brendan


On Jul 2, 2017, at 10:23 AM, lindon <[hidden email]> wrote:

Tiki 16 has the same filter but not the same bug.

 

On Jul 2, 2017, at 10:20 AM, Nelson Ko <[hidden email]> wrote:

 

I came across this. This is due to our XSS filter which has as part of the blacklist "onkey", so monkey and donkey get caught as well. Didn't get far in fixing it... sorry.

 

On Sun, Jul 2, 2017 at 7:32 AM, Bernard Sfez <[hidden email]> wrote:

Hi,

 

From a fresh 17x, when I write "monkey" in a wiki page (wiki syntax) and reopen to edit, it turns out to be "mon<x>key".

 

 

Bernard Sfez | bsfez.com

 


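
The false positive Nelson Ko describes, and the two points raised in reply (match the full onkeydown/onkeypress/onkeyup names in attribute position; the filter does not know where the value will be output), shown side by side as an added PHP example. This is not Tiki's filter code: the function names and the sample strings are constructed for illustration.

```php
<?php
// Added illustration, not Tiki's filter code; all function names are hypothetical.

// Substring blacklist as described in the thread: "onkey" is split wherever it occurs.
function naive_filter(string $s): string
{
    return preg_replace('/(on)(key)/i', '$1<x>$2', $s);
}

// Narrower rule: only the three full handler names, only in attribute position
// (followed by "=") inside something that looks like a tag. Still a blacklist:
// the regex tag match is approximate and other on* handlers are not covered.
function attribute_filter(string $s): string
{
    return preg_replace_callback('/<[a-z][^>]*>/i', function (array $m): string {
        return preg_replace(
            '/(?<=[\s"\'\/])(on)(keydown|keypress|keyup)(?=\s*=)/i',
            '$1<x>$2',
            $m[0]
        );
    }, $s);
}

// Encoding for one known output context (HTML text), applied at render time
// instead of rewriting the stored value.
function render_as_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'A monkey rode a donkey.',
    '<input onkeyup="alert(1)">',
    '<p title="monkey">monkeyup = 1</p>',
];

foreach ($samples as $in) {
    printf("input:     %s\n", $in);
    printf("naive:     %s\n", naive_filter($in));
    printf("attribute: %s\n", attribute_filter($in));
    printf("as text:   %s\n\n", render_as_text($in));
}
```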