View Full Version : HTML appearing in reviews?
March 24th, 2008, 01:54 AM
An unregistered user is posting reviews that look like they contain HTML. For example, someone added a review that contains an <A HREF statement as well as URLs. You can see the example by looking at the reviews for this product:
In my Admin Options, "Allow HTML in Product Fields?" is set to No.
and "Allow HTML in Reviews?" is also set to No.
How is this user able to add reviews that contain <A HREF code, and what can I do about it? Is there another option that needs to be changed?
March 24th, 2008, 06:34 AM
I have this problem since i use vb 3.7 (beta, now RC).
Most of the time this happens on my board is, then users use the WYSIWYG-Editor.
PhotoPost was fixed, as far as i know (after last PhotoPost-Update, it never happend on PhotoPost) Perhaps Chuck can provide us a little fix ;-)
EDIT: Sorry Bob, after watching you Site, i saw you don't use vBulletin.
@Chuck or Michael: Can you please have a look in vB's WYSIWYG-Editor-integration? THANKS!
March 24th, 2008, 10:20 AM
Actually he is not posting html he is posting bbcode it looks like and that is allowed if html is off.
There is nothing you can do about that except remove the line in showproduct.php to convert_markups for the review.
March 24th, 2008, 11:22 AM
March 24th, 2008, 02:21 PM
yeah thats what it looks like as you have 3 valid links converted from an img tag and then you see the unprocessed link statement as thats not a valid bbcode that we process it looks like that is just printed in the comment.
March 24th, 2008, 08:22 PM
What about the WYSIWYG-Editor from vBulletin? Any fiy on the horizont :D Thanks!
March 24th, 2008, 11:50 PM
You can look forward to a reviewpost beta shortly and try it when I release one. I am not sure what changes your referring to but something we can look at in the beta cycle.
March 25th, 2008, 10:52 AM
Ok, thanks.. So i'll wait for RP-Beta (perhaps vB is gold at this time, so i am sure we will figure it out and fix it :D )
March 25th, 2008, 11:21 AM
Not a problem have a good one.
April 15th, 2008, 06:00 PM
Are there news about the RP-Beta? I still have the problem with the appearing HTML-Code (vb @ 3.7 RC3)
Thanks ! :-)
April 15th, 2008, 08:47 PM
the only example posted in this thread the guy is using bbcode not html so i am not sure what your referring to but anyway a beta should be out shortly support is keeping me tied up some here and I had expected to have released in a couple weeks ago.
April 27th, 2008, 10:00 AM
Have a look:
You will find HTML-Code from users who use the WYSIWYG-Editor in vBulletin.
This only happens since i upgraded vBulletin to 3.7 (always actual Beta or RC)
April 27th, 2008, 12:51 PM
Okay I dont see anything wrong with that through its html and I am sure you can do the same thing in vb but you need to throw the switch in vb to allow the html to show. We have pretty much the same thing in reviewpost its the admin switches allow html in reviews or allow html in products depending on where it is.
Its always been this way and is not just a vb 3.7 thing that I am aware of.
Also 3.7 is still a beta or RC as I see. There latest gold code is 3.6.10
April 28th, 2008, 04:29 AM
I disabled HTML in vBulletin (you are right, it's there since i use vB a long
time ago :-) ) and both switches in ReviwPost:
Allow HTML in Product Fields?
Please note it is a security issue to allow html in product fields but if you do want to take the risk set to YES!
Allow HTML in Reviews?
Please note it is a security issue to allow html in reviews!
are set to NO.
Like i said, it never was a problem before 3.7 and it only appears then using the WYSIWYG-Editor.
vB is on RC4 and will be Gold this week.
April 28th, 2008, 07:31 AM
You have always been able to type html in a product description or review in photopost products we do not parse the html though. In Reviewpost we added the ability to parse the html. Now if you wish to strip html from a review you can remove tags you wish to allow in the un_htmlspecialchars function at the top of pp-inc.php thats all I can tell ya as this would not be an issue with vb or really an issue. I could type paragraph tags in any version of vb. I have vb 3.6 and can type a review like that with ease using html in the review.
April 29th, 2008, 04:55 AM
Hm, when i use the WYSIWYG-Editor, it adds the HTML-Code automatically after submitting (not during typing), so users add HTML-Code without their knowledge (eg. Linebreak, etc.)
It would be noe problem, if they type HTML-Code by themself, but they just type in the WYSIWYG-Editor and end up with HTML-Code.
If they do NOT use the WYSIWYG-Editor, eveything is fine (but thats not really an option :) )
Thanks for looking...
April 29th, 2008, 11:34 AM
I was not talking about line breaks only thing I see on your example is people typing paragraph tags but at any rate i will look at their beta.
April 29th, 2008, 11:41 AM
They just typing reviews and end up with HTML-Code :D
I am happy if you would have a look.... vB is now 3.7 Gold.
Please let me know if i can assist you.
April 29th, 2008, 11:46 AM
yeah well i will have to wait for my vb renewal. ;)
May 13th, 2008, 07:47 PM
Was ReviePost cancled or will customers receive support soon? :(
I need to know, because i will remove ReviewPost from my page if there is no support - and i am waiting for MONTHS now :(
May 13th, 2008, 08:01 PM
I have vb 3.7 please post a sample review you get html in?
I did not have any issues with html showing
May 13th, 2008, 08:13 PM
May 13th, 2008, 08:20 PM
http://www.stuttgart-fans.de/bewertungen/showproduct.php?product=547 (2nd review)
http://www.stuttgart-fans.de/bewertungen/showproduct.php?product=546&limit=recent (3rd review)
http://www.stuttgart-fans.de/bewertungen/showproduct.php?product=545&limit=recent (2nd review)
...still going, all using WYSIWYG-Editor - no one entered HTML-Code, just entered Text and subimted. Only happens when using WYSIWYG in vB 3.7
May 13th, 2008, 09:08 PM
Interesting please test on my site as I am using WYSIWYG and 3.7 as well
login with testing and testing. I posted you a test above.
You have any hacks or anything in your vb?
May 13th, 2008, 10:33 PM
I posted a test at your site and had no problems.
My vB is nearly unhacked (no hacks, just some plugins) and i also run PhotoPost WITHOUT this problem, so i think it has something to do with ReviewPost :(
May 14th, 2008, 10:35 AM
Feel free to post me a login to your site but the issue here is if this is really a reviewpost issue how does one replicate it.
I posted the same review you had on one of your links with no problems I removed the <br /><br /> in the review
Now I posted an anonymous comment on your site so approve it and see what my test did.
May 14th, 2008, 11:09 AM
Essentially what we need to do is if both you and I can not replicate the issue anywhere on our sites then we need to see what these users are typing.
We need to know exactly how they are getting this.
May 14th, 2008, 12:09 PM
Your review/comment is fine. But unregistered users do not use the WYSIWYG-Editor.
My username there is "Alex", i will end with HTML-Code thwn i uae thw WYSIWYG-Editor, if i disable the editor or choose an other one in my vb Userpanel, the problem is gone. I think it's the same for the users (i checked settings of some users who end up with HTML-Code and they all had WYSIWYG enabled)
What accesslevel do you require on my site? User or Admin ?
May 14th, 2008, 12:22 PM
well both you and I and even my test regular user have the WYSIWYG editors enabled and we cant replicate it at least thats what I am getting
If you say you end up with html what exactly are you typing what steps.
If this was specifically an issue with Reviewpost coding this should be evident on every last reviewpost site and you did post on my site which is as stock as they come with no plugins installed except vbportal sidebar.
I need to replicate this in order to suggest a fix so we need to understand exactly in what steps or circumstances it happens.
May 17th, 2008, 07:25 PM
I installed RP4B1 minutes ago, the problem still exitst.
Last review from TestUser.
vBulletin WSIWYG enabled.
Gone to the Product.
Clicked "Add review"
WYSIWYG-Editor showing well, entered Text, made some text bold, cklicked on a smiley
The result is the HTML-Code again. Hm, thats wired, tried the same in Photopst and everythings is fine:
http://www.stuttgart-fans.de/bilder/showphoto.php?photo=167 (Comment TestUser)
May 17th, 2008, 07:37 PM
On the index-page / latest review, the format (bold) is displayed correctkym just the smiley is missing.
Hm :-) I am going crazy, hehe
May 17th, 2008, 09:00 PM
Reviewpost should be using the same templates Photopost uses.'
Like I stated I need to know what the user is trying to enter to get this. We have both tried and can not duplicate this.
vBulletin® v3.8.1, Copyright ©2000-2014, Jelsoft Enterprises Ltd.