• Our software update is now concluded. You will need to reset your password to log in. In order to do this, you will have to click "Log in" in the top right corner and then "Forgot your password?".
  • Welcome to PokéCommunity! Register now and join one of the best fan communities on the 'net to talk Pokémon and more! We are not affiliated with The Pokémon Company or Nintendo.
    Register

Suggestion: JavaScript in signatures

Alexander Nicholi

Alexander Nicholi

what do you know about computing?
5,500
Posts
14
Years
    • Lately I've come to notice that as a whole signatures lack a lot of extensibility and interactivity, and that it may be in the forum's interest to add JavaScript as a reason for users to play with others' signatures and for signatures with JS to be made as well.

    I propose a staff approval system for such measures, where users can submit their signatures (finalized) and await staff inspection to allow deployment. For implementation we could perhaps add an inline JS BBCode, or possibly also a JS importer BBCode (though minified JS would eliminate the need for this).

    At present the most signatures do are fancy CSS tricks and links to other parts of the user's choice. It could stand for a little more purpose.
     

    abnegation

    10,673
    Posts
    15
    Years
    • Seen Dec 30, 2023
    Cross-site scripting (XSS) is the #1 vulnerability on the web to date. As of now it accounts for about 84% of all security vulnerabilities on the internet. It's predominantly written with JavaScript.

    The security and conflict risks alone here...JavaScript is a programming language CSS is a styling language, so is BB Code. JavaScript is used notoriously for accessing browser vulnerabilities. And while, yes, you can do fancy looking things with it we couldn't possibly trim it down because once again, it's a programming language.

    It makes no sense to allow users even use JavaScript because once again it's a programming language, not a styling one. Signatures are aesthetic, and aside from adding a few links or text there's very little interactivity or usefulness for them. Too right, because we don't want dozens of fully fleshed out websites (or not) in every thread we open. Sloppy code can also really slow down web pages massively, which is a common occurrence with novice programmers.

    As for staff approval, again not every staff member is fluent in JavaScript, in fact, I think there's 3 of us who use it on a day to day basis. Even we're not 100% fluent in it and could easily oversee an exploit. Now, if there is something you would like to be able to do with JavaScript in particular, let us know. Spoiler tags are created using the language so we added a BB code for it, if there's a feature we could potentially add into a BB code selection using the language (or other web languages) then we can take a look at your idea and possibly create it.

    The potential for this to be a security risk is far too wide, and I think considering using programming languages for your forum signature quite...stretches the purpose of what a signature is actually meant to be for.
     
    You must log in or register to reply here.
    Back
    Top