UBB.Developers Forums UBB.threads 7 Development How Do I? Enable HTML?

Just curious, does anyone allow HTML in any of their forums and have they had any problems?

I personally don't because there are huge security risks, but as an admin I can post it so I do from time to time.

I have one client who does... they all use the HTML for their posts. They never had any problems.

I don't worry about security as much as I do melicious content (although security should always be considered) such as people adding in code for popups and that sort of thing, it can be a very poor reflection for a site. On the other hand it would make a good arguement for a mod that would allow admins the ability to disable html per user or group

UBB.threads uses a "blacklist" approach to filtering HTML: it allows everything except code that's "known" to be dangerous. That's risky, because there may be exploits that have not yet been discovered.

A better method is to use a "whitelist": only allow code that is known to be safe.

Until UBB.threads adopts the whitelist method, I wouldn't recommend allowing HTML.

Dave_L, where is this code that blacklists? I always thought it was the whitelist approach that they used in ubbt.inc.php. You code that if someone types in UBBCode, then replace it with a certain HTML code.

Oh, and I don't have HTML enabled at my site. No HTML for you! You come back...one year!

My blacklist comments refer to the way that HTML is filtered (if HTML is enabled), not UBB Code.

HTML on is Evil...

I have HTML enabled and I don't have any problems

[]donJulio said:
I have HTML enabled and I don't have any problems [/]
Do you want me to cause some. j/k(I wouldn't know how even if I wanted to.)