| View previous topic :: View next topic |
| Author |
Message |
ricecake 
Joined: 17 May 2007
Posts: 1890
Location: Linthicum Heights, MD
|
 Posted: Thu Feb 14, 2019 4:43 am Post subject: Can't Preview or Post with Parentheses in Message Body |
 |
|
I tried to edit a post and when I hit Preview, I got the 403 error. I also tried posting without previewing and that did not work either.
Previewing this post when posting new works.
EDIT: It seems it has to do with parentheses:
| Code: | | <b>one</b> (<b>two</b>) |
I had to use the HTML entity codes (ampersand-hash-40-semicolon and ampersand-hash-41-semicolon) to get the above code to post. When I try to use actual parentheses, I get the 403 error. It seems to work if I only replace either one with an actual parenthesis; it is only when I replace both of them that I get the error. Also, I used real parentheses in this paragraph; it may be related to having the parentheses on the same line as embedded HTML.
EDIT2: Found another case:
Interestingly, for this case, if I use the HTML entity, then I get the 403; if I use a real parenthesis, then it works. Also, the newline between the period and the end-of-list BBcode is significant.
Maybe an issue with escaping special characters?
_________________
|
|
| Back to top |
|
 |
ricecake
Joined: 17 May 2007
Posts: 1890
Location: Linthicum Heights, MD
|
| Posted: Thu Feb 14, 2019 6:40 am Post subject: |
|
|
EDIT: Sorry, meant to post this in a different thread... Tried to delete the post but it just gave me a blank page. Might be the IPv6 issue.
_________________
|
|
| Back to top |
|
|
bushidox
Joined: 09 Jun 2008
Posts: 2539
Location: STL
|
| Posted: Thu Feb 14, 2019 1:43 pm Post subject: |
|
|
In addition, if you put a "." after an image you get the same error.
Also, you cannot post with an equal sign without the same error getting thrown up. 443 error.
_________________
|
|
| Back to top |
|
|
JCirri
Joined: 04 Feb 2006
Posts: 4576
|
| Posted: Fri Feb 15, 2019 6:09 am Post subject: |
|
|
These 403 issues are unfortunately all false positive pattern matches against some security checks that are being ran. I've been tweaking the ruleset to help cut these down, but it might be hard to entirely eliminate them.
Thanks for the notice on these specific cases - I'll look through the server logs tomorrow and see if I can target fixes on those.
_________________
|
|
| Back to top |
|
|
JCirri
Joined: 04 Feb 2006
Posts: 4576
|
| Posted: Sat Feb 16, 2019 7:14 am Post subject: |
|
|
I think for the most part we'll unfortunately need to live with some inconvenience on these false positives, as I'm not seeing much else that I can easily / safely target without disabling larger chunks of useful security.
If you encounter a 403, which hopefully isn't very common, it's most certainly due to something in the post and I'd suggest trying again with portions removed or altered until it works.
Periods ending lines seems to be one situation, use of open and close parenthesis/brackets/etc. is another, so I'd try reducing the use of them as a first step when/if you hit the error.
In most browsers, hitting the "back" button after a 403 should restore post contents, so hopefully that would help to avoid losing the written post entirely.
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
