Search found 363 matches

by JoshyPHP
Sat Aug 18, 2018 9:51 pm
Forum: [3.x] Discussion
Topic: .svg as user uploaded attachments or [img] links
Replies: 8
Views: 721

Re: .svg as user uploaded attachments or [img] links

If you let someone upload a SVG, it becomes possible for someone to link to it and then it becomes possible to execute scripts. Same as letting users upload a HTML file.
by JoshyPHP
Sat Aug 18, 2018 4:15 pm
Forum: [3.x] Discussion
Topic: .svg as user uploaded attachments or [img] links
Replies: 8
Views: 721

Re: .svg as user uploaded attachments or [img] links

I am not an expert on .svg format, but some quick searching has taught me that .svg files may contain scripts and are thus a potential security hole. Scripts are not executed by the browser if the resource is fetched as an image. In order to execute scripts you need to link to the SVG image and for...
by JoshyPHP
Sat May 12, 2018 9:28 pm
Forum: [3.x] Discussion
Topic: usage of Eval
Replies: 2
Views: 1070

Re: usage of Eval

eval usage should be avoided, no ? In practice it goes like this: A: eval() should be avoided() B: Why? A: Because it's bad. B: Why? A: It's not safe. B: Why? A: It can be used to <whatever> B: How? A: I don't know. If you're interested, here's what you should do: find out how eval() is being used,...
by JoshyPHP
Tue May 08, 2018 9:16 pm
Forum: [3.x] Tickets Discussion
Topic: Support for Emojis
Replies: 64
Views: 43580

Re: Support for Emojis

If the user used the actual emoji character or sequence then yes, you have the original character available if you want to process it at display time somehow. If they used an ASCII name such as :rainbow_flag: it gets dicier, considering there's no standard for them. Either way, the only values avail...
by JoshyPHP
Tue May 08, 2018 1:14 pm
Forum: [3.x] Tickets Discussion
Topic: Support for Emojis
Replies: 64
Views: 43580

Re: Support for Emojis

Each emoji set uses a different filename scheme, which makes it much harder to switch from a one to another unless you maintain your own fork. EmojiOne: 1f3f3-1f308.png Twemoji: 1f3f3-fe0f-200d-1f308.svg Noto: emoji_u1f3f3_200d_1f308.svg Currently, the value that's stored in the post's data is 1f3f3...
by JoshyPHP
Tue Apr 17, 2018 1:50 am
Forum: [3.x] Tickets Discussion
Topic: Support for Emojis
Replies: 64
Views: 43580

Re: Support for Emojis

On the topic of emoji, I noticed today that GitHub have recently replaced their emoji with Noto's. GitHub's PNG is on the left, Noto's SVG on the right:

Image Image
by JoshyPHP
Mon Apr 16, 2018 6:53 pm
Forum: General Development Discussion
Topic: Moving developement discussion to Discord
Replies: 13
Views: 3603

Re: Moving developement discussion to Discord

Let me put it this way:
  1. Replace IRC with Discord
  2. ???
  3. Greater engagement
What happens in phase 2 that leads to phase 3?
by JoshyPHP
Mon Apr 16, 2018 2:39 pm
Forum: General Development Discussion
Topic: Moving developement discussion to Discord
Replies: 13
Views: 3603

Re: Moving developement discussion to Discord

Can you provide a practical example of something that would be made possible by using Discord instead of IRC + forums?
by JoshyPHP
Fri Apr 13, 2018 5:02 pm
Forum: [3.x] Tickets Discussion
Topic: Support for Emojis
Replies: 64
Views: 43580

Re: Support for Emojis

Having consistent emoji is very expensive in development and maintenance. Here are some of the reasons. First off, every operating system, device or browser has its own way to display emoji. It can be as a nice color image, a slightly less nice black-and-white image, or even not an image at all with...
by JoshyPHP
Wed Apr 11, 2018 4:16 pm
Forum: [3.x] Tickets Discussion
Topic: Support for Emojis
Replies: 64
Views: 43580

Re: Support for Emojis

Personally I have no plans whatsoever. I do maintain the Noto fork but I have no plans for it either.

The only reliable emoji set that's on a public CDN is Twemoji and it uses a different naming scheme as the one used in s9e\TextFormatter. Switching to it would require some work.