Min version Core Lib 2.2.5
Delete option: "The hide tag will work as a reply tag" added in 2.2.0
Add new option to match the tag of a hide with another
Hide tag completely redesigned. Now if the user specifies an option for the tag that starts and ends with (). For example [HIDE=(option)], will now handle conditions. If the user has not specified options and the tag does not match other tags, then it will work as before for output to registered users.
Tag
View hidden content is available for registered users!
- The hidden text "Hello world!" will be displayed if the number of user posts is greater than 1 OR the number of likes is greater than 1.
[HIDE=(posts > 1 and likes > 1)]Hello world![/HIDE] - The hidden text "Hello world!" will be displayed if the number of user posts is greater than 1 AND the number of likes is greater than 1.
[HIDE=(days > 1 or user_state == "valid")]Hello World![/HIDE] - The hidden text "Hello World!" will be displayed if the number of days since user registration is greater than 1 OR the user state is "valid".
[HIDE=(isMemberOf(2) or trophies >= 0)]Hello World![/HIDE] - The hidden text "Hello World!" will be displayed if the user is a member of group 2 OR the number of user trophies is greater than or equal to 0.
[HIDE=(is_staff)]Hello World![/HIDE] - The hidden text "Hello World!" will be displayed if the user is a staff member.
Security and how safe is the use of such a wide range? Yes, it is completely safe, and for expression interpretation, the addon does not use eval.
This is important from a security perspective because the use of eval() can pose a risk, especially if the input data is not properly validated. The eval() function allows for the execution of arbitrary code, including potentially dangerous operations, and can be used for injecting malicious code or performing unwanted operations.
So how does it work then if eval() is not used?
When an expression is passed, it is first parsed into tokens such as identifiers, operators, numbers, and strings. Then, the expression is analyzed using grammar and syntax rules.
The analyzer constructs a syntax tree (AST) that represents the structure of the expression.
After the AST is built, the expression is interpreted by traversing the AST and executing the corresponding operations and functions defined in the context.
This approach, based on parsing and interpreting expressions using a context, provides safe execution of expressions as it does not require the use of the eval() function and allows for control over available operations and functions, minimizing potential vulnerabilities.
