Web Wiz - Solar Powered Eco Hosting

  New Posts New Posts RSS Feed - Weird encoding during Save
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Weird encoding during Save

 Post Reply Post Reply
Author
EOB View Drop Down
Newbie
Newbie


Joined: 20 August 2018
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote EOB Quote  Post ReplyReply Direct Link To This Post Topic: Weird encoding during Save
    Posted: 20 August 2018 at 8:55am
Hi there, got a weird situation recently. I am running the latest version of your forum-software (v12.01). Recently i often got a wrong encoding in forumposts esspecially in the filenames (pictures in posts) in the code. The system changes 'o' to 'o' during saving the post. This is not browser dependant. This leads to not finding the pictures. An example would be 'boxcontent' is saved as 'boxcontent'. Not every letter of 'o' gets changed.

i am totally out of ideas and would apprecciate any help or idea greatly!

Manuel


Edited by EOB - 20 August 2018 at 10:22am
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Poole
Status: Offline
Points: 9526
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 20 August 2018 at 4:29pm
The part 'on' would be encoded be security filters to prevent, CSS hacks, XSS, XSFR, etc. 

This was introduced some 5 years back, but have not heard of it causing any issues with the display of posts. 
Back to Top
EOB View Drop Down
Newbie
Newbie


Joined: 20 August 2018
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote EOB Quote  Post ReplyReply Direct Link To This Post Posted: 20 August 2018 at 4:44pm
Thank you for this information. This situation is not rendered during display but during the saving process. The changed letter is in the message field in the database. 
Could it be that some files are old in my Installation. Xss-hacking prevention seems a possible reason. Do you have any hints for the files doing this hacking prevention? 

Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Poole
Status: Offline
Points: 9526
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2018 at 9:06am
That is how it is meant to work.

When the post is saved the security filters will HTML encode certain words.

When those HTML encoded words are displayed in a post the web browser will show the correct character in the browser. 

So for example if you tried to inject an 'onclick' event in to a post it would be saved as 'oonclick' the browser when displaying the post will decode the HTML encoding and display 'onclick' however if this element was within a link the HTML encoding causes the 'onclick' event to fail.
Back to Top
EOB View Drop Down
Newbie
Newbie


Joined: 20 August 2018
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote EOB Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2018 at 7:26pm
Okay, thanks for the explanation but i already knew how this prevention works. The word 'boxcontent' doesn't fit in any harming constellation or am i missing something? i cannot understand how this triggers here.
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Poole
Status: Offline
Points: 9526
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 22 August 2018 at 6:51am
Many JavaScript and Visual Basic events in web browsers use the word 'on' for 'onclick', 'onmouseover',  'onload', 'onkeydown', 'onCopy', 'onError', 'onBefore', and many others.

The filters therefore HTML encode any word with 'on' in it to 'on'.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.01
Copyright ©2001-2018 Web Wiz Ltd.


Become a Fan on Facebook Follow us on Twitter Connect with us on LinkedIn Community Forums Web Wiz Blogs Web Wiz News
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Policy

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2019 Web Wiz Ltd. All rights reserved.