XF 2.3 Double curly braces not supported inside [code] tags

[Roiarthur]

Hi everyone,

I just wanted to point out that it seems the BBCode code tag in XenForo doesn't properly handle expressions that include double curly braces, like in Power Query (M language) formulas.

For example, this line:

= Table.TransformColumns(#"Étape précédente", {{"Montant", each Text.Select(Text.From(_), {"0".."9",",",".","-"})}})

 

[Roiarthur]

It is working here but not on my forum

 

[Roiarthur]

My PHP version is 8.4

 

[Roiarthur]

OK i fixed it, i just rebuild a new child style

 

[Roiarthur]

No it is not working on my board in XenForo default style or the child

= Table.TransformColumns(#"Étape précédente", {{"Montant", each Text.Select(Text.From(_), {"0".."9",",",".","-"} )}})

 

[beerForo]

I don't have the issue. What happens if you rebuild master data?

 

[Roiarthur]

Oops! We ran into some problems.
Oops! We ran into some problems. Please try again later. More error details may be in the browser console.

Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. preamble.min.js:4:395
Error: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>


Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. preamble.min.js:4:395

Error: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>

 

[Roiarthur]

I am under PHP 8.4 and Xenforo 2.3.7

 

[Roiarthur]

The error appears with these double : {{ and }} Xenforo refuse to take the code

 

[Roiarthur]

Resolved: 403 Forbidden when posting code with {{ }} on XenForo

Thanks to PlanetHoster for the quick help. The issue was caused by the Web Application Firewall blocking double curly braces. After further checks, the fix was to disable WAF rule 340130 for my site.

Action taken

• In N0C → Security → Web APP Firewall, customize the WAF for tutoriaux-excalibur.com and disable rule 340130.
• KB reference: https://kb.n0c.com/knowledge-base/a...ion-du-bastion-dapplication-web-waf-avec-n0c/

Details from the logs

• Rule: Atomicorp.com WAF Rules – 340130
• Message: “AngularJS client side template injection detected”
• Matched on parameters like ARGS:message_html and ARGS:title when the payload contained {{...}}.

Excerpts

[security2:error] ModSecurity: Access denied with code 403 (phase 2).
Pattern match "{{.*?}}" at ARGS:message_html.
[file "/etc/httpd/waf.rules/10_asl_rules.conf"] [id "340130"]
[msg "Atomicorp.com WAF Rules: AngularJS client side template injection detected"]
[data "Matched Data: ... =SI({{A1}}>={{B1}};\"OK\";\"NON\") ..."]
[uri "/threads/test.38703/add-reply"]

[security2:error] ModSecurity: Access denied with code 403 (phase 2).
Pattern match "{{.*?}}" at ARGS:title.
[file "/etc/httpd/waf.rules/10_asl_rules.conf"] [id "340130"]
[msg "Atomicorp.com WAF Rules: AngularJS client side template injection detected"]
[data "Matched Data: ... double accolades {{ et }}"]
[uri "/forums/.../post-thread"]

After disabling rule 340130, posting code snippets that include {{ }} works as expected.