View previous topic :: View next topic |
Author |
Message |
ricecake
Joined: 17 May 2007 Posts: 1890 Location: Linthicum Heights, MD
|
Posted: Thu Feb 14, 2019 4:43 am Post subject: Can't Preview or Post with Parentheses in Message Body |
|
|
I tried to edit a post and when I hit Preview, I got the 403 error. I also tried posting without previewing and that did not work either.
Previewing this post when posting new works.
EDIT: It seems it has to do with parentheses:
Code: | <b>one</b> (<b>two</b>) | I had to use the HTML entity codes (ampersand-hash-40-semicolon and ampersand-hash-41-semicolon) to get the above code to post. When I try to use actual parentheses, I get the 403 error. It seems to work if I only replace either one with an actual parenthesis; it is only when I replace both of them that I get the error. Also, I used real parentheses in this paragraph; it may be related to having the parentheses on the same line as embedded HTML.
EDIT2: Found another case:
Interestingly, for this case, if I use the HTML entity, then I get the 403; if I use a real parenthesis, then it works. Also, the newline between the period and the end-of-list BBcode is significant.
Maybe an issue with escaping special characters? _________________
|
|
Back to top |
|
|
ricecake
Joined: 17 May 2007 Posts: 1890 Location: Linthicum Heights, MD
|
Posted: Thu Feb 14, 2019 6:40 am Post subject: |
|
|
EDIT: Sorry, meant to post this in a different thread... Tried to delete the post but it just gave me a blank page. Might be the IPv6 issue. _________________
|
|
Back to top |
|
|
bushidox
Joined: 09 Jun 2008 Posts: 2539 Location: STL
|
Posted: Thu Feb 14, 2019 1:43 pm Post subject: |
|
|
In addition, if you put a "." after an image you get the same error.
Also, you cannot post with an equal sign without the same error getting thrown up. 443 error. _________________
|
|
Back to top |
|
|
JCirri
Joined: 04 Feb 2006 Posts: 4576
|
Posted: Fri Feb 15, 2019 6:09 am Post subject: |
|
|
These 403 issues are unfortunately all false positive pattern matches against some security checks that are being ran. I've been tweaking the ruleset to help cut these down, but it might be hard to entirely eliminate them.
Thanks for the notice on these specific cases - I'll look through the server logs tomorrow and see if I can target fixes on those. _________________
|
|
Back to top |
|
|
JCirri
Joined: 04 Feb 2006 Posts: 4576
|
Posted: Sat Feb 16, 2019 7:14 am Post subject: |
|
|
I think for the most part we'll unfortunately need to live with some inconvenience on these false positives, as I'm not seeing much else that I can easily / safely target without disabling larger chunks of useful security.
If you encounter a 403, which hopefully isn't very common, it's most certainly due to something in the post and I'd suggest trying again with portions removed or altered until it works.
Periods ending lines seems to be one situation, use of open and close parenthesis/brackets/etc. is another, so I'd try reducing the use of them as a first step when/if you hit the error.
In most browsers, hitting the "back" button after a 403 should restore post contents, so hopefully that would help to avoid losing the written post entirely. _________________
|
|
Back to top |
|
|
|