Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. General Discussion
  3. Topics.post without parsing

Topics.post without parsing

Scheduled Pinned Locked Moved General Discussion
7 Posts 3 Posters 2.3k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • PitaJP Offline
    PitaJP Offline
    PitaJ Global Moderator Plugin & Theme Dev
    wrote on last edited by
    #1

    So, I'm pretty sure that Tpoics.post calls filter:post.raw on content. Is there any way of passing a direct HTML string? If not, is there another way of achieving the same tasks as Topic.post? I'm pretty sure it's just Topic.create followed by Topic.reply anyways.

    1 Reply Last reply
    0
    • frissdiegurkeF Offline
      frissdiegurkeF Offline
      frissdiegurke Plugin & Theme Dev
      wrote on last edited by frissdiegurke
      #2

      the post-parsing happens on post-request, not before saving the posts.
      So you'd need to switch off any filter:parse.raw calls before post-deliver (of certain posts)?

      As of this code filter:messaging.parse gets called with data-object that contains the parsed message and the original one.
      So using a high priority (or low, I simply can't remember this fact 😄 ) for your hook and replacing data.parsed and data.parsedMessage with data.message inside should fit your needs (even so you wouldn't minimize other plugins performance).

      MegaM 1 Reply Last reply
      0
      • MegaM Offline
        MegaM Offline
        Aza Noriega Community Rep
        replied to frissdiegurke on last edited by Mega
        #3

        @frissdiegurke said:

        filter:messaging.parse gets called with data-object that contains the parsed message and the original one.

        So using a high priority (or low, I simply can't remember this fact 😄 ) for your hook and replacing data.parsed and data.parsedMessage with data.message inside should fit your needs (even so you wouldn't minimize other plugins performance).

        No, man. It's for chat messages only. @pitaj wants to interact with topic posts.

        UPD: I'll try to dig the subj.

        1 Reply Last reply
        0
        • frissdiegurkeF Offline
          frissdiegurkeF Offline
          frissdiegurke Plugin & Theme Dev
          wrote on last edited by frissdiegurke
          #4

          @Mega Ah, my fault. So the real post-parsing works by calling the composer.renderPreview socket-id? because the search for filter:parse.raw doesn't show up any other possibilities 😄 just curious.

          EDIT: my mind is tricking me out. please ignore 🙂

          1 Reply Last reply
          -1
          • MegaM Offline
            MegaM Offline
            Aza Noriega Community Rep
            wrote on last edited by Mega
            #5

            Uhm, it was kinda not so easy to dig it

            @pitaj said:

            So, I'm pretty sure that Tpoics.post calls filter:post.raw on content. Is there any way of passing a direct HTML string? If not, is there another way of achieving the same tasks as Topic.post?

            Yes, Topics.post() entails filter:parse.post and I don't see any possibility to avoid it without core changing.
            https://github.com/NodeBB/NodeBB/blob/master/src/topics/create.js#L255

            But, actually, if you even so wanna include raw html into posts, why would you just create another plugin?

            Let's say BB-code [rawhtml][/rawhtml]. It'll be listening to filter:post.parse and will have priority more than Markdown and friends. Now all what the plugin should do > just replace < > " inside BB-code to right symbols, and removes [rawhtml][/rawhtml] from post.

            What do you think, will it okay for you? :3

            PitaJP 1 Reply Last reply
            0
            • PitaJP Offline
              PitaJP Offline
              PitaJ Global Moderator Plugin & Theme Dev
              replied to Aza Noriega on last edited by
              #6

              @Mega that solution has XSS vulnerability written all over it. It I add that tag as possible, anyone could use it in a post, which could add script tags, etc. I could maybe add a private key or something, but that is still dangerous.

              MegaM 1 Reply Last reply
              0
              • MegaM Offline
                MegaM Offline
                Aza Noriega Community Rep
                replied to PitaJ on last edited by
                #7

                @Mega said:

                What do you think, will it okay for you? :3

                @pitaj said:

                that solution has XSS vulnerability

                Yup ^_^

                1 Reply Last reply
                0

                Copyright © 2024 NodeBB | Contributors
                • Login
                • Don't have an account? Register
                • Login or register to search.
                Powered by NodeBB Contributors
                • First post
                  Last post
                0
                • Home
                • Categories
                • Recent
                • Popular
                • World
                • Top
                • Tags
                • Users
                • Groups
                • Documentation
                  • Home
                  • Read API
                  • Write API
                  • Plugin Development