Is there a way to allow HTML in signatures, but not JavaScript? The reasons should be obvious enough. I did a search, and did not find anything. Should be a change easy to do, right?

d.

Javascript is automatically removed from all texts in vBulletin:
javascript:xxx

Does not seem to be. I've got an user with JavaScript on his signature that works fine. I do have HTML enabled for signatures, and I'd like to block JavaScript.. or the whole <script> tag.
d.

Go to admin cp. vB Options. Add the <script> into the to censor word list.

That censor thing did the trick. But I went to printthread.php and added: $post[signature] = eregi_replace("< *SCRIPT", "<!--", $post[signature]);
$post[signature] = eregi_replace("< */SCRIPT *>", "-->", $post[signature]);afterif ($post[showsignature] and $allowsignatures and trim...Not optimal, but seems to work :)

d.

No...that did *not* work. I guess I'll use the censor thing then. Oh well.... :(

d.

The problem is that users can use event handlers to launch scripts (i.e. onClick, onLoad, etc...) So you'd need to block all event handlers to prevent scripts from lauching. The problem with that is that IE supports tons of their own propritary event handlers, so it would be a lot of work.

Dan

I see your point...

d.