07-25-2019, 05:40 PM
(This post was last modified: 07-25-2019, 05:42 PM by Simpsons Dumper.)
That's understandable if not including a bulk uploader was a conscious choice. Perhaps the ability to bulk-upload, among other features if you have any ideas, could be unlocked after an account is marked as "trusted" by a staff member. But I also understand implementing stuff like this adds hassle on your end for the benefit of not that many users.
For the special characters, I think it's easiest to explain with examples.
The first place I noticed any special character filtering is when I uploaded this submission and saw the file listings got truncated. Out of curiosity, I left it as-is and it shows up on the public website the same as it did in the "pending submissions" page. If you want me to fix it by getting rid of "<", I can.
So what I've now done today (because I find thoughts take a while to trigger) is experiment in a comment I made on The Sounds Resource which is too old for anyone to notice it is being edited, at least as far as the public-facing comments page goes. Anything enclosed in "<" and ">" gets removed unless separated by an HTML tag, for example a line break. Anything at all after a lonely < gets removed, which can include the entire comment (though it can't actually be submitted if it is made empty like this).
Because the removal of "<" in particular is quite aggressive, I couldn't do anything that you certainly would not want, like adding custom JavaScript. What I did manage, however, is to add custom attributes to an element. I chose the YouTube player - this might work on others but I've not tried. By inserting "[youtube]" style="height: 1000px" [/youtube]", for example, I can have a 1000px-tall YouTube player. It's fairly harmless, which is why I'm not contacting you privately about this, but it's still a bit of a vulnerability nonetheless.
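The attribute injection described in the post above comes from pasting the `[youtube]` tag body into an HTML attribute without escaping or validating it. The following is an added example, not part of the original post and not the site's code: the `EMBED` template, the function names and the 11-character video ID pattern are assumptions, and the sample input is the string quoted in the post.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical embed template; the site's real markup is not shown in the post.
EMBED = '<iframe class="yt" src="https://www.youtube.com/embed/{vid}"></iframe>'
TAG = re.compile(r"\[youtube\](.*?)\[/youtube\]", re.S)
# Assumption: a video ID is exactly 11 characters from [A-Za-z0-9_-].
VIDEO_ID = re.compile(r"[A-Za-z0-9_-]{11}")
# Input quoted in the post.
PAYLOAD = '[youtube]" style="height: 1000px" [/youtube]'


def render_naive(comment):
    """Vulnerable pattern: the tag body lands inside src="..." unescaped,
    so a double quote in the body closes the attribute early."""
    return TAG.sub(lambda m: EMBED.format(vid=m.group(1)), comment)


def render_hardened(comment):
    """Escape the whole comment first, then emit an embed only when the
    tag body is a well-formed video ID (allowlist, not a character filter)."""
    def embed(match):
        body = html.unescape(match.group(1)).strip()
        if VIDEO_ID.fullmatch(body):
            return EMBED.format(vid=body)
        # Not a video ID: keep the already-escaped text visible, no embed.
        return match.group(0)
    return TAG.sub(embed, html.escape(comment, quote=True))


def attributes(markup):
    """Attribute names on the first <iframe>, as an HTML parser sees them."""
    found = set()

    class Collector(HTMLParser):
        def handle_starttag(self, tag, attrs):
            if tag == "iframe" and not found:
                found.update(name for name, _ in attrs)

    Collector().feed(markup)
    return found


if __name__ == "__main__":
    print(render_naive(PAYLOAD))
    print(render_hardened(PAYLOAD))
```

Validating the body against an allowlist closes this hole independently of the "<" stripping, which never sees a double quote as something to remove.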