In HTML allowed forums i choose "moderate threads" yes.but "moderate posts" no.is there a hack possibility here?should i choose "no" for "moderate posts"?

You should not allow html - the posts can still be viewed by moderators and admins, leaving their accounts open to attack - do not allow html at all is the only way to be safe.

not to mension someone could make a redirect page through a post

i censored the words;

http-equiv
<script>
<meta
Response.Redirect
header("Location
redirect(’
<script
language="Javascript"
window.location.href
redirectURL

is it enough?do you know anyother redirect codes?