View Full Version: Javascript in Posts

Big Boards > IF Administration & Moderation > Javascript in Posts



Title: Javascript in Posts
Description: the secret trick


Loth - July 5, 2007 05:42 AM (GMT)
If you use an InvisionFree board and have wanted to put a script into your post, you've found out by now that the [doHTML] tag doesn't make it work. One would think that this is the end of the line and that you simply cannot post javascripts, but there is in fact a trick!

IF has some security measures in place to prevent harmful code from being posted by your members. When it sees keywords like "script" and "onClick" it disables them. So you have to trick the board software. I'll teach you how. :)

First, you need a script. I'll use a sample to show you precisely how to manipulate it. I'll be using the following:
CODE
[doHTML]<script type="text/javascript">
document.write("Hello World!")
</script>[/doHTML]

Notice that this piece of code has the key word "script" inside the opening < >'s.

The work around is to break up the key word with [/doHTML][doHTML] sandwiched in the middle of the keyword. It closes the doHTML tag and then immediately re-opens it. The filter then doesn't see the keyword because it's got the extra stuff in it, but the two bits of HTML still flow together and produce the working script.

The modified code would then look like this:
CODE
[doHTML]<scr[/doHTML][doHTML]ipt type="text/javascript">
document.write("Hello World!")
</script>[/doHTML]



Important Things to Remember
  • You have to enable the use of the doHTML tag for your member group.
  • You have to also enable use of the doHTML tag on a per-forum basis.
  • It's never a good idea to let members use the doHTML tag, especially now that you know there's a trick to posting scripts. They could post a script that might be harmful.
  • Keywords include: <script>, onClick, onMouseOver, and other javascript-only functions. If your script isn't working still, look for more instances of these types of things.
  • You don't need to use the trick on </script>, that particular keyword is only filtered in opening script tags.
Documentation written by Lothlómendil of Arda. Do not repost without permission.

P.S. I was actually inspired to write this because I realized I've been here before, because someone posted this topic and I came to see what it was about. Irony! :haha:

HelenaZF - August 19, 2007 09:50 PM (GMT)
Wow...this is a little nugget that could come in very handy. How did I miss this post till now??? Thanks, Loth!

Good warning about not giving members HTML privileges. (And people can learn a lot of things from quoting posts.... :ermm: )

RHRey - March 6, 2008 01:19 AM (GMT)
Wow, nice job Loth, like Helena said, it can come in handy!




Hosted for free by InvisionFree