Customizing SMF > SMF Coding Discussion
mms:// replaced by http://mms/
(1/1)
Burpee:
I just tried placing a link to a movie with mms:// in front of it. The movie is not accessible without it.
Simplemachines won't let me create a link with that in it...
[Unknown]:
SMF does not allow links that don't start with certain schemes. Why?
On macs... finder://. In windows... shell://. On both, javascript:.
Those are just three malicious examples. I could name more. While it is your browser's job to block some of them, others are not blocked and would give access to cookie information. (like chrome://)
Because it is impossible to keep a running and up-to-date list of all of them, they are whitelisted not blacklisted. All are DISALLOWED by default.
For now at least, a mod will be needed to make mms:// work.
-[Unknown]
Burpee:
Thanx for the explanation :)
Pity it can't be fixed but I can understand...
phpBB allows (practically) all forms... so is that security hole with them?
[Unknown]:
--- Quote from: Burpee on August 14, 2004, 09:25:10 AM ---Thanx for the explanation :)
Pity it can't be fixed but I can understand...
phpBB allows (practically) all forms... so is that security hole with them?
--- End quote ---
Like I have said in the past, if I wanted to hack a phpBB forum or even a vBulletin forum, in most cases I probably could.... I couldn't do anything to the people who use the forum, but I could gain administrative access.
Not on all installations, though. It depends on the settings.
SMF, however, I could not hack. If I knew of a way, I would fix it.
-[Unknown]
Navigation
[0] Message Index
Go to full version