Closed rusprice closed 3 years ago
clarkwinkelmann
commented
4 years ago Thanks for the report! We will investigate and prepare a fix.
I would have expected the url validation rule to prevent that, but I suppose that's actually not the case.
Ralkage
commented
3 years ago Hi there 👋 not sure which version this was fixed in, but the url validation rule is working again
Please let us know if the issue persists for you on the latest version @UntrustableRus and feel free to create a new issue if it does.
dsevillamartin
commented
3 years ago Reopening because the wrong code was tested (<script> tag instead of javascript:... url).
dsevillamartin
commented
3 years ago Looks like it has been fixed at some point. The URL validation prevents it from being saved with javascript:.
On your profile, you can execute JavaScript when somebody clicks one of your social links. if you added a social link with any name and have the URL be "javascript:{yourjscodehere]" then that JS will execute when somebody clicks on that link. Luckily, this javascript will not execute on the forum but rather a new page and because no page was specified, most browsers will execute it in about:blank.