Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2019-08-22 13:24:09

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,509

Are Textile'd images broken on the forum for anyone else?

I don’t do Textile’d images very often, so please correct me if I’m doing this wrong, but I think forum images are broken:

Testing with !https://textpattern.com/img/article-832w/53.jpg!

!https://textpattern.com/img/article-832w/53.jpg!

Offline

#2 2019-08-23 00:59:04

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,677
Website

Re: Are Textile'd images broken on the forum for anyone else?

Hmm, your image surely does not display atm. Let’s see, just in case the server you used doesn’t allow to to do that. Below a colourful rectangle on a server I control:

!https://dev.l-c-n.com/_b/32.png!

Hmm nope :-(

The textile syntax is correct, so that is not the issue.

PS – Safari flags this in the error console for this page. You, or your evil twin, might want to look at it.

Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.

Offline

#3 2019-08-23 06:53:31

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,487
Website

Re: Are Textile'd images broken on the forum for anyone else?

Likewise, all textiled images in the form seem to be affected, also in previous posts.

BTW: I don’t see the console message for this thread in Safari.


TXP Builders – finely-crafted code, design and txp

Offline

#4 2019-08-23 08:44:33

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,509

Re: Are Textile'd images broken on the forum for anyone else?

jakob wrote #319106:

BTW: I don’t see the console message for this thread in Safari.

Same for me. Strange. And there’s a CSP script-src restriction reportedly preventing Textile image parsing, not an image-src restriction. Odd.

I have a clear console in Mac/Safari and Mac/Firefox. The image-src CSP permits images from everywhere. I’ve made a change that includes unsafe-inline on script-src, which I’m not overjoyed about, but let’s see if that helps.

phiw13: for curiosity’s sake, do you recall what the script filename was in your console, please?

Edit: typo

Last edited by gaekwad (2019-08-23 08:51:58)

Offline

#5 2019-08-23 08:51:23

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,509

Re: Are Textile'd images broken on the forum for anyone else?

OK, the script-src change to include unsafe-inline and images still aren’t working here.

jakob, phiw13: would you be able to sanity check this URL…:

cspvalidator.org/#url=https://forum.textpattern.com/viewtopic.php?pid=319107

…and confirm you see:

  • img-src includes data: and *
  • script-src includes unsafe-inline (and others)

(I’d include a screenshot, but…y’know.)

Offline

#6 2019-08-23 08:56:28

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,487
Website

Re: Are Textile'd images broken on the forum for anyone else?

This commit from 7 June seems to be the most recent update of the textile parser for the forum. It revises the way Textile is called to the new method and does include various ->setImages(true) and ->setImages(false) statements for the various situations. At first glance, the changes seem to match the given previous situations, but maybe someone more knowledgeable than me can check that…


TXP Builders – finely-crafted code, design and txp

Offline

#7 2019-08-23 08:57:41

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,677
Website

Re: Are Textile'd images broken on the forum for anyone else?

gaekwad wrote #319107:

Same for me. Strange.[…]

phiw13: for curiosity’s sake, do you recall what the script filename was in your console, please?

hmm. I do have a user style for the forum injected with the Cascadea extension in a <style /> block). But I disabled it earlier today with no changes, the console error was still there.

I don’t remember more about that script, the console pointed to the <html /> tag.

Offline

#8 2019-08-23 08:58:48

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,487
Website

Re: Are Textile'd images broken on the forum for anyone else?

gaekwad wrote #319109:

would you be able to sanity check this URL…:

cspvalidator.org/#url=https://forum.textpattern.com/viewtopic.php?pid=319107

…and confirm you see:

  • img-src includes data: and *
  • script-src includes unsafe-inline (and others)

Yes, it does for me: (image)


TXP Builders – finely-crafted code, design and txp

Offline

#9 2019-08-23 22:15:03

Gocom
Plugin Author
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,532
Website

Re: Are Textile'd images broken on the forum for anyone else?

jakob wrote #319110:

This commit from 7 June seems to be the most recent update of the textile parser for the forum. It revises the way Textile is called to the new method and does include various ->setImages(true) and ->setImages(false) statements for the various situations. At first glance, the changes seem to match the given previous situations, but maybe someone more knowledgeable than me can check that…

Ding, ding ding. Those Parser::setImage(bool $enabled) appear to be wrong way around. Images appear to be TRUE for new users, and FALSE for everyone else. All of that is written blind, so it’s the least you could expect.

As far as all that client-side stuff goes; the markup is processed on the server.

Offline

#10 2019-08-24 00:01:27

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,677
Website

Re: Are Textile'd images broken on the forum for anyone else?

gaekwad wrote #319107:

phiw13: for curiosity’s sake, do you recall what the script filename was in your console, please?

I found what inserted some inline script(s) into the page: the StopTheMadness extension (increase privacy).

Offline

Board footer

Powered by FluxBB