That's a terrible idea. What if someone exploits this by putting malicious code into a code bracket and it runs on your computer because you decided to give MCF a free pass to run whatever code it wants on your computer? o_O
I can't reproduce this, the forum doesn't allow anyone to embed Java applets, nor would Java code just do that, it has to be compiled. This is probably from the photobucket embeds, I'll look into it. Thanks for the report, but I don't think this is a vulnerability.
Ah, my mistake, I've managed to reproduce it. I was looking on the wrong page I see what has happened, the importer thought your post was IPB rendered HTML and said "let's trust it!". I've let the dev team know, this can't happen with new posts but will with some old. Sorry about that! I'll manually fix any posts that have this issue.
Ah, my mistake, I've managed to reproduce it. I was looking on the wrong page I see what has happened, the importer thought your post was IPB rendered HTML and said "let's trust it!". I've let the dev team know, this can't happen with new posts but will with some old. Sorry about that! I'll manually fix any posts that have this issue.
yeah guessed it could only happen with old, thought we should bug though as people could change what links in say a <script> pointed to if they noticed, causing XSS attacks somethign we would rather not happen
http://www.minecraftforum.net/members/nekosune/posts?page=24
Browser yells at me about Java and then freezes.
Just clicked (always run on this website)
Test
I mod things. Check me out on twitter or on Espernet IRC at #TheSteamTank
My one was ponting to a local jar, but if any other code blocks became pure html blocks that was linking to remote, could cause trouble
yeah guessed it could only happen with old, thought we should bug though as people could change what links in say a <script> pointed to if they noticed, causing XSS attacks somethign we would rather not happen