Draft Posts

[Stone]

Here's an interesting question........why does the OTZ forum software remember what's written into a 'reply' window but not posted?


Yesterday I was responding to The Man's post above and got sidetracked and didn't post it. I deleted it. Today when I went to respond, my entire unposted 'reply popped up in this reply window.

Is every word entered into a reply window being saved even though it's not posted?

So, this will be a test.

The time is ~9:27 ESDT and I'm going to delete this reply with out posting it, and see if it's saved. I'll clear my browser cash and login in a few minutes



edit:
Time is now 9:32 EDST as I write this and the above post was saved to the OTZ server with out being posted.
I logged out. Cleared my browser cash, logged in and my unposted reply returned.

I'd like an explanation. And I'll be reporting this.

 

[Stone]

Interesting, If I block scripting, the above does not occur.

Looks like I'll be blocking scripting at this site.

 

[AUFred]

hopefully Jordan will read your post and be able to answer your question.

 

[Stone]

Thanks, AUFred.

I saw that as uploading with out permission which in these times seems a vector for abuse from a malicious hacker.
While I do run my browser in a sandbox and whitelist the apps allowed, I've read that can be defeated.

And any poor soul using XP without massive security precautions along with the loss of security updates in the near future, easily owned.

I doubt this site would do anything malicious, but to me that looks like a security risk waiting to happen.

 

[Jordan]

I'd like an explanation. And I'll be reporting this.

What exactly are you reporting? At the moment, OTz does not utilize UPP.

Regarding the posts, XenForo in the 1.2 update had an auto save feature. When typing in the quick replies, new threads, PM's, etc it saves a draft as messages are being composed every 60 seconds. These drafts are stored for up to a maximum of 24 hours. It is very convenient say if perhaps you closed your browser by mistake and had typed up a big paragraph. This draft saves you from having to type it all up again.

here is XenForo's official paragraph on it:

While you are typing a message, every X seconds (currently 60), a draft of your message will be saved. If you reload the page later, your message will be automatically re-shown. Drafts will be automatically pruned over time.
Each draft is associated with a particular piece of content, such as a thread, forum, or conversations. A draft reply that you start working on in thread 1 will not be shown to thread 2 and so forth.

This is not a feature I am looking to get rid of as I use it daily when I'm on a busy schedule and like to start posts in advance.

 

[Stone]

I see it as unauthorized uploading of information, Jordan.
It's one thing to temporarily save a draft in a browser on our own computers and another to be uploading it to your server.

If blocking scripting stops this activity, I'll keep on blocking scripting at OTZ.

But I'd like to know, is blocking scripting only preventing me from being aware of this unauthorized upload?
Or is blocking script with NoScript stopping this upload?

 

[The Man]

Yahoo mail does the same thing....saves drafts.
I like the feature here and on Yahoo both.
I dont see it as anything malicious as we know it is doing it.
While I am typing a post I will see on occasion where it informs me it is saving what I have already typed.

 

[Stone]

Yahoo mail does the same thing....saves drafts.
I like the feature here and on Yahoo both.
I dont see it as anything malicious as we know it is doing it.
While I am typing a post I will see on occasion where it informs me it is saving what I have already typed.

Yahoo Mail is a secure and encrypted link , OTZ isn't. Thus the Yahoo connection and transfer of information has a higher level of security and not comparable.
Drafts at Yahoo can be deleted but not at OTZ.
At Yahoo mail, it's an option to save drafts to the Yahoo server.
At OTZ the uploads have been automatic, no choice and for me, no notification.

And just because someone else does it, doesn't mean it's a secure feature.

The issue isn't that Jordan is using it maliciously, I doubt he is, it's a question of how vulnerable this setup is to being abused or even hacked, by someone other than administration.

While I am typing a post I will see on occasion where it informs me it is saving what I have already typed.

That's something I've never seen here and several of my posts have gone longer than the standard greeting.

Convenience seems to be a vulnerability on the internet.
As far as convenience, obviously I saw it as something questionable.



I suspect NoScript turns off this unauthorized uploading, but I'd like to make sure and that's why I'm asking.