Please login or register.

Login with username, password and session length
Advanced search  

News:

You need/want an older version of sNews ? Download an older/unsupported version here.

Author Topic: Backslash not showing properly  (Read 6009 times)

strooman

  • Newbie
  • *
  • Karma: 0
  • Posts: 4
Backslash not showing properly
« on: April 12, 2008, 05:29:30 pm »

When I type a Backslash (\) it isn't displayed in the post. The Slash (/) however is showed correctly. View the example at

http://www.bertverberne.gethost.nl/sNews/general/test/


This is how I typed it in the editor of sNews


In another post I found a workaround by typing a double \\ but that's not nice solution. When transferring your html post you should always do a search and replace to get rid of the double backslashes.

Any clues to correct this?
« Last Edit: April 12, 2008, 05:39:05 pm by strooman »
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6020
  • Semantically Challenged
    • snews.ca
Re: Backslash not showing properly
« Reply #1 on: April 12, 2008, 06:19:36 pm »

Welcome to the sNews Project strooman.

This is not a bug. It happens on purpose. function cleanXSS... located quite far down in the snews.php (engine) file... searches for specific symbols and characters that are listed within the function. If it finds one of them in content being entered into a textarea... it either removes it or substitutes it with something acceptable (depending on what it is). The back-slash is on of the characters that is... not acceptable and is removed by this function unless it is nullified by adding that second back-slash right after it.

This is done because executable code will often contain back-slashes and... if someone was to paste some executable code into a textarea that got saved in its executable form in the database... it would execute one opened in an article... and if it was destructive code... well it could destroy the functionality of the website using sNews.

Of course... the above is my "best" assumption. Anyone is free to correct me if I am wrong.  ;)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

strooman

  • Newbie
  • *
  • Karma: 0
  • Posts: 4
Re: Backslash not showing properly
« Reply #2 on: April 12, 2008, 10:51:04 pm »


This is not a bug. It happens on purpose. [snip]

This is done because executable code will often contain back-slashes and [snip] if it was destructive code... well it could destroy the functionality of the website using sNews.


OK thanks Keyrocks for your extended answer. I understand it's a security issue, nevertheless can I adjust the function and delete the Backslash?
Logged

mike1

  • Full Member
  • ***
  • Karma: 6
  • Posts: 199
Re: Backslash not showing properly
« Reply #3 on: April 13, 2008, 02:22:20 am »

does using the html notation for backslash \ work?
Logged

funlw65

  • Hero Member
  • *****
  • Karma: 96
  • Posts: 771
    • Country Lab
Re: Backslash not showing properly
« Reply #4 on: April 13, 2008, 08:38:21 am »

... unless it is nullified by adding that second back-slash right after it.


Keyrocks answered already to you  ;). Try that way.
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6020
  • Semantically Challenged
    • snews.ca
Re: Backslash not showing properly
« Reply #5 on: April 13, 2008, 03:40:38 pm »

does using the html notation for backslash \ work?

Yes... it does.  :)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

strooman

  • Newbie
  • *
  • Karma: 0
  • Posts: 4
Re: Backslash not showing properly
« Reply #6 on: April 13, 2008, 05:38:00 pm »


Quote
Keyrocks answered already to you  ;). Try that way.

I want to exclude the backslash from the function cleanXSS, but i'm not a code expert. Please explain what part of the code i have to adjust

Thanks in advance
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6020
  • Semantically Challenged
    • snews.ca
Re: Backslash not showing properly
« Reply #7 on: April 13, 2008, 09:39:46 pm »

I want to exclude the backslash from the function cleanXSS, but i'm not a code expert. Please explain what part of the code i have to adjust
Thanks in advance

I recommend that you don't exclude it from cleanXSS but... hey... it's like having un-protected sex... and you're free to do it as long as you're willing to live with and accept any perils you may suffer as a result.  ;)

The function used in sNews is based on the PHP XSS Filter Function and the page at this link provides you with all the details on how it works... and the reasons why you want it to work... including links that will provide you with informatin on what XSS attacks are and how they work... the attacks you might want protection against.  ;)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

strooman

  • Newbie
  • *
  • Karma: 0
  • Posts: 4
Re: Backslash not showing properly
« Reply #8 on: April 13, 2008, 10:29:43 pm »

Quote
I recommend that you don't exclude it from cleanXSS but... hey... it's like having un-protected sex... and you're free to do it as long as you're willing to live with and accept any perils you may suffer as a result.  ;)

The function used in sNews is based on the PHP XSS Filter Function and the page at this link provides you with all the details on how it works... and the reasons why you want it to work... including links that will provide you with informatin on what XSS attacks are and how they work... the attacks you might want protection against.  ;)

OK, you've made your point about the security issue and because, as I already mentioned, I'm not an expert on coding and that kind of stuff, I'll take your answer serieusly. Therefore i will stay with the double backslash to display my posts properly.
Thanks for your detailed answer I really appriciate that.

With kind regards, the strooman
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6020
  • Semantically Challenged
    • snews.ca
Re: Backslash not showing properly
« Reply #9 on: April 13, 2008, 10:43:17 pm »

... As I already mentioned, I'm not an expert on coding and that kind of stuff, I'll take your answer serieusly.
... Thanks for your detailed answer I really appriciate that.
    With kind regards, the strooman

You are welcome Strooman. I am not a coding expert either... just another hobbyist... learning as I go along... as you are now.
I only base my suggestions... in this particular case... on the fact that someone else put the function in sNews for a good reason... and the reasons for using it as provided on the page I linked to... seem reasonable enough to me once I read through and understood the message.  :)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU