Is it possible to execute code within a post ?

#12345

New member
Hi all,
First, sorry for my poor language's quality, english is not my first language ...

Well, I know that had been asked two years ago here, but I want to have an answer that hadn't been given ...
So, there's a code editor option in XenForo's forums :
1653642844323.png
In Java, by example it gives :
Java:
class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World!");
    }
}

But, is it possible to compile that code, like in a code editor, to have something like that :
Code:
Hello, World!

Thanks by advance for your answers !!
 

MySiteGuy

Well-known member
Being able to execute code in a post would be a dangerous security problem. Any software that allows such a thing is not something anyone who cares about the security of their system would want installed on their server.
 

briansol

Well-known member
you can change it with an addon.

If you're thinking about creating something like stackoverflow or jsfiddle with inline execution, you can make an addon call an iframe in a similar fashion and host the code externally via that iframe domain.

anything is possible, but it's not standard out of the box.
 

MySiteGuy

Well-known member
You'll surely think I'm dumb but I don't see how .... But that's XenForo decided and we can't change it ;)

Thanks both .. this subject can be closed :p

No, I do not think you are dumb. I do think you are either naïve or ignorant about good security practices.

Someone putting code in a post could allow them access to the database, private email addresses, and password hashes. Even if it's only client side code like Javascript, it could be used for cookie hi-jacking.
 
Top