Web Wiz Forums - Weird encoding during Save

Print Page | Close Window

Weird encoding during Save

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=31562
Printed Date: 28 March 2026 at 9:35am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Weird encoding during Save

Posted By: EOB
Subject: Weird encoding during Save
Date Posted: 20 August 2018 at 8:55am

Hi there, got a weird situation recently. I am running the latest version of your forum-software (v12.01). Recently i often got a wrong encoding in forumposts esspecially in the filenames (pictures in posts) in the code. The system changes 'o' to 'o' during saving the post. This is not browser dependant. This leads to not finding the pictures. An example would be 'boxcontent' is saved as 'boxcontent'. Not every letter of 'o' gets changed.

i am totally out of ideas and would apprecciate any help or idea greatly!

Manuel

Replies:

Posted By: WebWiz-Bruce
Date Posted: 20 August 2018 at 4:29pm

The part 'on' would be encoded be security filters to prevent, CSS hacks, XSS, XSFR, etc.

This was introduced some 5 years back, but have not heard of it causing any issues with the display of posts.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: EOB
Date Posted: 20 August 2018 at 4:44pm

Thank you for this information. This situation is not rendered during display but during the saving process. The changed letter is in the message field in the database.

Could it be that some files are old in my Installation. Xss-hacking prevention seems a possible reason. Do you have any hints for the files doing this hacking prevention?

Posted By: WebWiz-Bruce
Date Posted: 21 August 2018 at 9:06am

That is how it is meant to work.

When the post is saved the security filters will HTML encode certain words.

When those HTML encoded words are displayed in a post the web browser will show the correct character in the browser.

So for example if you tried to inject an 'onclick' event in to a post it would be saved as 'oonclick' the browser when displaying the post will decode the HTML encoding and display 'onclick' however if this element was within a link the HTML encoding causes the 'onclick' event to fail.

Posted By: EOB
Date Posted: 21 August 2018 at 7:26pm

Okay, thanks for the explanation but i already knew how this prevention works. The word 'boxcontent' doesn't fit in any harming constellation or am i missing something? i cannot understand how this triggers here.

Posted By: WebWiz-Bruce
Date Posted: 22 August 2018 at 6:51am

Many JavaScript and Visual Basic events in web browsers use the word 'on' for 'onclick', 'onmouseover', 'onload', 'onkeydown', 'onCopy', 'onError', 'onBefore', and many others.

The filters therefore HTML encode any word with 'on' in it to 'on'.