I notice people missed this. The reason its still in there is that it's a feature. Not every forum is open to the general public. Some companies might use the feature if the forum is for internal use only.

Other than that your problems going to be a tricky one since alot of things users can do can disrupt the style if nothing else. You'd probably be better settinging up a load of BB code that gives most of the functionality of HTML with out the risk.

I've seen a few instances where admins will use a forum for announcments, ect and allow html, but no one else can post in them.

That's a good point, and I saw some mention of intranets at vb.com. Still, if it's as much of a security threat as some of these guys seem to think it is I would think they'd just remove it. Employees can wreak just as much havoc (intentionally or by accident) as random Internet people.

Yeah, as I mentioned in my first post I have installed a hack that allows me to enable HTML by usergroup, and I'm only putting select people in it (with the caveat that if they do anything stupid or shady I'll remove them). If I had a much larger forum with a large number of unknown people and me or my co-admin wasn't around all the time I'd be worried. As it is I'm just not.

Thanks for your input guys, but I think if I have any more questions about tweaking HTML I'll take them somewhere else. You lot are just crazy anti-HTML. ;) :D

They won't remove the feature because an equal number of people would complain.

Even if HTML could be enabled per usergroup, and even though you can enable it per forum in conjunction with permissions, I still would not do it. Any permission bug could then lead to people posting HTML.

We're not "anti-HTML." We recognize the inherit dangers of allowing it anywhere on your forums. The true thread is Javascript, but that is delivered in this case through the HTML used. I enormously overwhelmingly strongly recommend you disable HTML instantly and find an alternate solution to your root problem.

*recommends to code your own features for posting instead of relying on html*

No problem - however, just so we are clear, I support the general opinion here.

Anyone who allows users to use html on a public forum is insane, and asking for trouble. A half decent [malicious] coder could write some code in his sig that could do serious damage to the average persons PC very quickly, or equally redirect people to their own site (which could be hard core porn, or worse) and seriously damage the reputation of your forum. Don't do it.

We're clear, but of course the only way to be 100% safe is to take your forum offline. ;)

As an administrator I have to balance the risks - and in this case the biggest risk seems to be the possibility of inadvertently giving HTML rights to a malicious person who is able to do significant damage before I can stop it - against the benefits, such as increased user satisfaction and aesthetic appeal. I appreciate that for everyone here the former easily outweighs the latter, but it's my decision to make and I believe I have all the information I need to make that decision.

You call it insane and asking for trouble, I call it trying to provide the most postive and rewarding environment for my users that the technology affords with a reasonable assessment of the involved risks. Hey, they all said I was crazy for not having any moderation too, but here we are a year later doing just fine. To each his own, I guess. :)

Yes, each to his own. Just don't say we didn't warn you. :)

I just vB doesn't enable PHP in posts. :)

I promise I would never say such a thing. :D