Feedback on NI Community
Dragging toolbar buttons while composing a message
You know that in the "Message body" box where we compose messages there is a toolbar used to format text, add a url, an image and so on. What I noticed is that the buttons on this toolbar can be drahhed into the message text box and they appear there exactly as buttons. They are sjowed as buttons even while previewing my message: now I'm testing what happens when actually posting the message.Here I added the "Insert an image" button: 
Here the "Insert a Hyperlink": 
Here the "Insert Smileys": 
...and formatting text buttons: 
Ok, in the actual message only the associated image is shown 
.
.The strange fact is that in the "Preview post" box they are still operable, while obviously the smiley in the preceding sentence is not! Last observation: in the preview the first 2 buttons emit the usual dialogues for inserting the image or the hyperlink, while all the others show the smiley box 
And they are somewhat operable: the smiley on the first line was added by selecting a smiley in the selection box showed by pressing the "Strikethrough" button in the preview!
And they are somewhat operable: the smiley on the first line was added by selecting a smiley in the selection box showed by pressing the "Strikethrough" button in the preview!
Message Edited by Roberto Bozzolo on 02-04-2006 08:28 AM
This is cool, but does not sound good! 😞
You can do an "edit as HTML" to see the code it inserts. e.g. in the case of "quote post", it generates:
<IMG onmouseup="this.className='raise';" class=depressed onmousedown="this.className='depressed'" onmouseover="this.className='raise';" onclick=quotePost(); onmouseout="this.className='norm'" height=22 alt="Quote Post" src="http://forums.ni.com/i/global/post_quote.gif" width=22 border=0>
My personal feeling is that it could be a security risk to allow code execution from a composition form (I am no expert on this, though).
