Bug Post Style Breaks The Post

etrd · Apr 20, 2022

When activating post style (bold. italic, underline, color, glow, and/or shadow) it breaks the message.
Exactly like the bug posted here... https://www.dragonbyte-tech.com/threads/bug-post-style.25452/

Same result for Post Style (Pre-Defined) and Post Style item types.

But Post Style (Pre-Defined) has another bug though, it asks for post ID which means the effect only applies to 1 post even though [ Valid for a single post only ] option is not selected (unchecked).

Fillip H. · Apr 20, 2022

Have you tried this on a completely default style, with no other add-ons or template modifications active?

etrd · Apr 20, 2022

On a default style with unaltered templates, yes. With disabled add-ons, no. Could you confirm you have not encounter these issues on your end? And what XF version did you tried it to?

Fillip H. · Apr 21, 2022

While it does look like there's an issue, I can't do anything about it in the short term because the git log shows the change was made to fix a security issue. I'll need to do a deeper dive into this, so I'll leave this open until such time as I can investigate further.

etrd · Apr 21, 2022

Did the other customer with similar issues managed to fix it?

Fillip H. · Apr 21, 2022

Sorry, I'm not sure I understand. The issue is that I'm deliberately HTML escaping the post contents (causing the bbWrapper part to be rendered as text), which was originally done in order to fix a security issue.

There is nothing anyone can do to fix it in the short term, other than simply not using those items for the time being.

etrd · Apr 21, 2022

I was referring to the old ticket submitted by another customer I mentioned in my original post with similar issues as this one. It was closed automatically without confirmation if the issues were resolved. If it was resolved then maybe we could also try what he o you did to fix it.

Fillip H. · Apr 21, 2022

Some people just never post back, and I didn't look into it at the time because they didn't post back whether my steps resolved the issue or not. Ticket closure is automatic after a period of inactivity if the ticket is set to "Answered", to keep the ticket queue clean and manageable for me.

Since you posted back about having tried at least some of those steps, that was enough info for me to investigate whether this was an addon conflict or an issue with this add-on

etrd · Apr 21, 2022

Alright then, we'll just wait for the update.

Fillip H. · Jun 9, 2022

This turned out to be pretty tricky to solve. The method I used for injecting the post style displayed different behaviour based on whether or not BBCode was being parsed in the post.

For example; if someone edited the post_macros template to remove the BBCode parser, the "Post Style" injection code would cause an XSS vulnerability due to not properly escaping the post. Fixing that would then cause the parsed BBCode version of the post to be double escaped.

The solution ended up being to abandon this method of injecting the post style in favour of adding the wrapper <div> in the template modification, and using its style attribute to add the style properties.

DragonByte Technologies · Jun 9, 2022

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future release (6.6.0).

Change log:

Fix: Fix Post Style items breaking posts in certain scenarios

Bug Post Style Breaks The Post

etrd

Fillip H.

etrd

Fillip H.

etrd

Fillip H.

etrd

Fillip H.

etrd

Fillip H.

DragonByte Technologies

Company Information

Similar threads

DragonByte Shop

We value your privacy