Place Your Ad Here

Bug IMG tag

There is a bug in this version
T

topkurs2

Guest
Hello.
Just found some small, but unpleasant bug or feature?
When using IMG tag, manually we can add in this tag any url, any info, not only image.
I mean
Code:

[img]http://google.com[/img]
or
Code:

[img]http://127.0.0.1[/img]
All these tags are parsing by Xenforo in such way:
bug.png
It's very unsecure. This opens the possibility for attacks, phishing, disclosure of IP address, browser, refer and so on.
I suggest to add some verification procedure - to check is this real image (e.g. by...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

N
Solved The <img> tag should not be displayed unless the OAuth client image URL is provided
Replies
0
Views
57
XenForo General Discussions
NikitOS
N
N
Bug The <img> tag should not be displayed unless the OAuth client image URL is provided
Replies
0
Views
52
XenForo General Discussions
NikitOS
N
M
Ques/Help Resizing Images with [IMG] Tag?
Replies
0
Views
195
XenForo General Discussions
Matthew Hutchinson
M
B
Bug When using an email logo the <img> tag is missing the required alt attribute
Replies
0
Views
301
XenForo General Discussions
bzcomputers
B
T
Solved IMG tag
Replies
0
Views
430
XenForo General Discussions
topkurs2
T
Top Bottom
Back