View Single Post
  #7  
Old 06 Jan 2014, 22:36
profanitytalker's Avatar
profanitytalker profanitytalker is offline
 
Join Date: Nov 2006
Originally Posted by T2x View Post
The mod apparently looks for ranker embed codes when posts are made and pulls out a few variables then generates a bb code tag which vbulletin automatically sanitizes.

When parsing the post for bbcode, if the user has image posting permissions it will generate this code


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I can also see they are preventing xss injection in the href attribute by validating that the url conforms to this regex:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.
I appreciate verifying the plugin. Cheers to ya! We made sure that the plugin is safe to install. I think Birdsofprey was referencing the last post I made (no plugin) where I suggested to enable HTML on the board - which is a big no no.
Reply With Quote