Author Topic: music  (Read 3422 times)


  • Underling
  • *
  • Posts: 1
« on: June 01, 2009, 04:32:26 AM »
this is actually more of a question than a suggestion, but, how are people putting music on their cohfaces profiles? I can't find any posts on the topic. I had one friend try to explain it to me and i still can't figure it out.


  • Elite Boss
  • *****
  • Posts: 1,602
Re: music
« Reply #1 on: June 01, 2009, 01:06:58 PM »
.... well this actually goes against what I just said in a different thread, lol.

This isn't supposed to be allowed, and as of 2 days ago no one will be able to do it.


  • Titan Staff
  • Elite Boss
  • ****
  • Posts: 2,175
    • Paragon Wiki
Re: music
« Reply #2 on: June 02, 2009, 05:21:02 AM »
Yeah, that wasn't supposed to be able to happen.  I'm just now getting around to poking around with the code of other Titan Network sites, and Faces was the first one I kind of got up close and personal with.  Over the past couple of days, I've fixed this little loophole in comment posting and profile editing.

The nutshell version is that the comments and profile fields were being passed through unsanitized, so if you, for example, put a comment in that said something like <b>This is important!</b>, it would show up as This is important!

Some folks were using that to embed videos off of YouTube in their profile fields and/or comments.  They'd make the player something like one pixel by one pixel so that it wouldn't actually show up, but you could hear the soundtrack to it, which was a song or other audio that they liked.

Now, I don't particularly have anything against people wanting a soundtrack to their Faces page, but there are two serious problems that make the idea in general a huge no-no.  First, just as you could embed YouTube videos, you could also embed really nasty stuff, like malicious javascript and other undesirable things.  Second, since comments weren't filtered, there was nothing stopping someone from posting music that you didn't want on your page.  (To my knowledge, this didn't actually happen; some people requested that music be posted to their page, but I don't think it was ever done maliciously.)

The potential for someone's browser getting hacked by malicious code or the possibility of people using embedded HTML to grief another player was just too great.  Accordingly, we've removed the ability to embed HTML in comments and profile fields.

However, we don't want to leave everyone high and dry.  I coded in a few BBCode tags to make text bold, italic, or even insert links to other sites or pages.  I also coded it so that you can now put linefeeds in comments if you want without having to resort to <br> tags.  I plan on adding some more codes to do various things, and at some point, it's likely you'll be able to add pictures and/or videos in some fashion.  We don't want to limit folks, but still, we have to make sure that our site doesn't take an ugly turn for the worse when some wise-[censored] figures out, "Hey, if they can embed music, then I can get their passwords and credit card numbers!"  (And you just know that at some point, someone would try...)

I've posted a news item on the Faces front page describing the changes.


  • Underling
  • *
  • Posts: 1
Re: music
« Reply #3 on: June 04, 2009, 04:05:35 PM »
Yeah i was one of the originals and never relay thought of it like that
so fair enough
but cheers for doing the whole youtube code thing
is there anyway of autoplay though?