Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
I had a link like this

Text Formatted Code
<a href="void(window.open('http://domain/page.php', '', 'width=720,height=500, location=no, menubar=no, status=yes, toolbar=no, scrollbars=yes, resizable=yes'))">Click here </a>
 


It doesn't work now. What's different?

Status: offline

Turias

Forum User
Full Member
Registered: 10/20/03
Posts: 807
Try replacing void with javascript:void

I can't get the link you posted to work without doing that.

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
Quote by Turias: Try replacing void with javascript:void

I can't get the link you posted to work without doing that.
It just strips out the javascript:
Do I need to wrap it with the code: tag?

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
No, that didn't work.

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
javascript: is not in the list of allowed protocols and is therefore removed.

Text Formatted Code
// list of protocols that are allowed in links                                
$_CONF['allowed_protocols'] = array ('http:', 'https:', 'ftp:');
 


Although I don't think it would be a good idea to add it there ...

bye, Dirk
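
Why the javascript: prefix disappears from the link, shown as an added example that is not part of the thread and is not Geeklog's or kses's own code: a simplified protocol allow-list check in PHP. The function name filter_protocol and the sample hrefs are constructed for illustration; only the allow-list values come from the config line quoted above.

```php
<?php
// Added illustration; NOT the kses or Geeklog implementation.
// filter_protocol() is a hypothetical name.

// Same values as the $_CONF['allowed_protocols'] line quoted in the post.
$allowed_protocols = array('http:', 'https:', 'ftp:');

/**
 * Return the URL unchanged when it has no scheme or an allowed scheme.
 * Otherwise strip the scheme and check what is left again, so a second
 * disallowed scheme hidden behind the first one is removed too.
 */
function filter_protocol($url, array $allowed)
{
    // Browsers ignore whitespace and control characters inside a scheme,
    // so remove them before looking for one.
    $clean = preg_replace('/[\x00-\x20]+/', '', $url);

    // scheme = letter, then letters/digits/+/./-, then a colon
    if (!preg_match('/^([a-z][a-z0-9+.\-]*:)(.*)$/i', $clean, $m)) {
        return $url;                     // relative URL: nothing to check
    }
    // Compare case-insensitively: "JavaScript:" is the same scheme.
    if (in_array(strtolower($m[1]), $allowed, true)) {
        return $url;                     // allowed scheme: keep as written
    }
    return filter_protocol($m[2], $allowed);   // drop the scheme, re-check
}

// Constructed sample hrefs, modelled on the link discussed in the thread.
$samples = array(
    "http://domain/page.php",
    "page.php?id=3",
    "javascript:void(window.open('http://domain/page.php'))",
    "JavaScript:void(0)",
);

foreach ($samples as $href) {
    printf("%-58s => %s\n", $href, filter_protocol($href, $allowed_protocols));
}
```

Because the list is consulted wherever the filter runs, adding javascript: to it permits script URLs in every filtered field, not only in links an admin writes.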

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
Yeah I would need it for admin only, but I do use it a lot and it is a show stopper for me.

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
Are stories the only place JS is not allowed?

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
The protocol check is part of the kses filter, so it would apply to all places where that filter is used. I.e. articles, comments, static pages (if you enable HTML filtering for static pages), the forum (if configured to use Geeklog's HTML filter instead of its own), etc.

bye, Dirk

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
Looks like I am going to have to enable it in the allowed protocols for now. I'm just using it in too many places.