UnderGround Forums Edit Function / Issues

2/18/20 4:01 PM
1/1/01
Posts: 19487
Last week we updated the forum to disallow scripts in user posts. This vulnerability allowed people with malicious intent to do all kind of things (floating bats, Hillary heads, and altering the post submission to appear as coming from another user).
 
This of course also would disallow the use of legitimate scripts (twitter, youtube, instagram, etc). To allow that, we implemented oembed which would allow users to simple put a URL in their post and we handle the embedding on the backend. This works as anticipated.
 
However, this did have an effect on edit. How oembed works is we send the URL and the embed script gets returned and input into the content. So in the database, your post is stored in a single HTML field. The issue there is when you edit, you have to recall that content into the editor, so before it would just put the embed script back, which of course we would strip out on completing your edit.
 
To fix that, we had to change the DB structure in that posts are now actually multiple fields (content and any embed scripts). So now we can recall your content and URLs separately. You can see that is working now. And to boot, it had to be completed on two different code bases (standard and framed).
 
To make this work for all past posts, it required running a batch script to update all posts in the database (over 300 million). That process removed all unknown (malicious) scripts and also parsed out legitimate scripts and moved them into their new fields.
 
This batch was run in a loop and slowed down, but was obviously resource intensive. It is the reason for the forum issues over the last two days. (Forum not working, threads disappearing, etc).
 
Long term we believe this is a great step forward. The 'holes' in the code are plugged and it should now be a much easier experience when posting and editing content with rich media.
 
I look forward to continue hearing feed back and complaints and making this forum better for everyone.
2/18/20 4:06 PM
12/22/10
Posts: 24711

Test: 

2/18/20 4:08 PM
6/26/17
Posts: 5125


2/18/20 4:10 PM
2/25/15
Posts: 4174

2/18/20 4:16 PM
11/21/19
Posts: 907

2/18/20 4:16 PM
9/5/11
Posts: 40286

2/18/20 4:21 PM
3/13/18
Posts: 5411

Standing by for flying rats

2/18/20 4:26 PM
8/3/11
Posts: 26979

So, no more Hillary heads?

;-(

Edited: 2/18/20 4:27 PM
4/27/15
Posts: 15847

Test

 

Irish dance

 

Irish dance

 

2/18/20 4:31 PM
1/1/01
Posts: 19488
touch -

So, no more Hillary heads?

;-(

As much as I laughed about it, no.

Edited: 2/18/20 4:40 PM
4/22/03
Posts: 18370
Chris -
touch -

So, no more Hillary heads?

;-(

As much as I laughed about it, no.

 

At least 1 for old times...

 

2/18/20 4:54 PM
1/1/01
Posts: 95817

2/18/20 4:57 PM
6/26/17
Posts: 5126


2/18/20 5:14 PM
9/26/10
Posts: 21326

this has been incredibly annoying.  but, personally,  as long as we are getting an explanation for what  is going wrong, i can live with it. 

 

THANKS

2/18/20 5:15 PM
6/9/16
Posts: 7255

Heath Ledger GIF - Find & Share on GIPHY

2/18/20 5:38 PM
7/15/11
Posts: 17589

There’s been quite a few people saying they’ve had posts appear that they didn’t post. Any explanation as to why? Did this just go live today sometime?

2/18/20 5:39 PM
7/15/11
Posts: 17590
Black Dougie -

Test

 

Irish dance

 

Irish dance

 

Well this pops up every chance it gets. Talk about annoying.

2/18/20 5:51 PM
7/13/09
Posts: 16486

Riverdancing Chick is hot

2/18/20 6:04 PM
10/30/05
Posts: 6336

Oh fuck off

2/18/20 6:11 PM
10/30/19
Posts: 1121
Does that explain this morning?
2/18/20 6:42 PM
2/10/20
Posts: 45

lol.....

2/18/20 6:46 PM
1/18/06
Posts: 12414

"The 'holes' in the code are plugged"

 

Edited: 2/18/20 6:55 PM
11/28/03
Posts: 109425

testing

Irish dance

What did you do today for your fitness?

Wild Beast in the Grass

2/18/20 6:55 PM
1/12/07
Posts: 15845


2/18/20 6:56 PM
4/19/09
Posts: 17554
touch -

So, no more Hillary heads?

;-(

Was the forum’s best feature.