|
Joined: Feb 2002
Posts: 950
Hacker
|
Hacker
Joined: Feb 2002
Posts: 950 |
Just curious, does anyone allow HTML in any of their forums and have they had any problems?
|
|
|
|
Joined: May 2003
Posts: 1,068
Junior Member
|
Junior Member
Joined: May 2003
Posts: 1,068 |
I personally don't because there are huge security risks, but as an admin I can post it so I do from time to time.
|
|
|
|
Joined: Nov 2001
Posts: 10,369
I type Like navaho
|
I type Like navaho
Joined: Nov 2001
Posts: 10,369 |
I have one client who does... they all use the HTML for their posts. They never had any problems.
|
|
|
|
Joined: May 2003
Posts: 1,068
Junior Member
|
Junior Member
Joined: May 2003
Posts: 1,068 |
I don't worry about security as much as I do melicious content (although security should always be considered) such as people adding in code for popups and that sort of thing, it can be a very poor reflection for a site. On the other hand it would make a good arguement for a mod that would allow admins the ability to disable html per user or group
|
|
|
|
Joined: Apr 2002
Posts: 1,768
Addict
|
Addict
Joined: Apr 2002
Posts: 1,768 |
UBB.threads uses a "blacklist" approach to filtering HTML: it allows everything except code that's "known" to be dangerous. That's risky, because there may be exploits that have not yet been discovered.
A better method is to use a "whitelist": only allow code that is known to be safe.
Until UBB.threads adopts the whitelist method, I wouldn't recommend allowing HTML.
|
|
|
|
Joined: Aug 2000
Posts: 1,609
Addict
|
Addict
Joined: Aug 2000
Posts: 1,609 |
Dave_L, where is this code that blacklists? I always thought it was the whitelist approach that they used in ubbt.inc.php. You code that if someone types in UBBCode, then replace it with a certain HTML code. Oh, and I don't have HTML enabled at my site. No HTML for you! You come back...one year!
|
|
|
|
Joined: Apr 2002
Posts: 1,768
Addict
|
Addict
Joined: Apr 2002
Posts: 1,768 |
My blacklist comments refer to the way that HTML is filtered (if HTML is enabled), not UBB Code.
|
|
|
|
Joined: Aug 2000
Posts: 1,290
Addict
|
Addict
Joined: Aug 2000
Posts: 1,290 |
|
|
|
|
Joined: Jun 2002
Posts: 670
Code Monkey
|
Code Monkey
Joined: Jun 2002
Posts: 670 |
I have HTML enabled and I don't have any problems
|
|
|
|
Joined: Jun 2003
Posts: 1,025
Junior Member
|
Junior Member
Joined: Jun 2003
Posts: 1,025 |
[] donJulio said:I have HTML enabled and I don't have any problems [/] Do you want me to cause some. j/k(I wouldn't know how even if I wanted to.)
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 21,079
Joined: March 2000
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|