vb.org Archive


Spangle 06-11-2013 11:54 AM

HTML in posts
 
Allowing HTML in posts.

I'm a bit perplexed as to why VB has this option; I thought there were real security issues in allowing HTML in posts.

I have to admit there are times when I have wanted to use it, so can someone explain why the option is there, and what the real risks are to allowing it, even if it is for Admins only?

Amaury 06-11-2013 12:04 PM

They don't recommend it. It's even disabled by default.

Spangle 06-11-2013 12:14 PM

Quote:

Originally Posted by Amaury25 (Post 2427337)
They don't recommend it. It's even disabled by default.

Which is what I knew, so why include it in the first place!!

kh99 06-11-2013 12:16 PM

I'm not an expert on the subject, but I think the risks range from mostly harmless "broken" HTML that might make the page look wrong, to running scripts or other things that could be harmful or trick users into doing something (because users will trust it like it's your site).

As for why it's an option, I guess there might be situations where the forum owner decides to take the risk, like maybe a company internal forum where all the members are employees (or maybe if you trust everyone who has permission to post, like all admins). It's a simple option to implement, because in the end the post has to be HTML, so really it's just turning off the processing that would otherwise need to be done.
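
An added illustration, not part of the thread and not vBulletin's code, of the "processing that would otherwise need to be done": a post renderer that escapes HTML before converting BBCode, next to the same renderer with that step switched off. The names `render_post` and `poster_supplied_tags`, the small BBCode subset and the sample post are assumptions constructed for this example.

```python
import html
import re

# Small BBCode subset for illustration only; not vBulletin's parser.
_SIMPLE_TAGS = {"b": "strong", "i": "em", "u": "u"}
_URL_RE = re.compile(r"\[url=(https?://[^\]\s\"'<>]+)\](.*?)\[/url\]", re.I | re.S)
_RENDERER_TAGS = {"strong", "em", "u", "a", "br"}  # tags this renderer emits itself


def render_post(raw: str, allow_html: bool = False) -> str:
    """Turn stored post text into the HTML fragment sent to every reader."""
    # With "allow HTML" on, the escaping step is skipped and markup goes out as typed.
    text = raw if allow_html else html.escape(raw, quote=True)
    for tag, element in _SIMPLE_TAGS.items():
        pattern = rf"\[{tag}\](.*?)\[/{tag}\]"
        text = re.sub(pattern, rf"<{element}>\1</{element}>", text, flags=re.I | re.S)
    # Only http(s) targets become links; anything else stays as literal text.
    text = _URL_RE.sub(r'<a href="\1" rel="nofollow">\2</a>', text)
    return text.replace("\n", "<br>\n")


def poster_supplied_tags(fragment: str) -> list[str]:
    """Tag names present in the output that the renderer never emits itself."""
    names = re.findall(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)", fragment)
    return sorted({n.lower() for n in names} - _RENDERER_TAGS)


# Constructed sample post: BBCode, a script element and an unclosed <div>.
SAMPLE_POST = "Nice [b]theme[/b]!\n<script>/* poster script */</script> <div>unclosed"

if __name__ == "__main__":
    for mode in (False, True):
        out = render_post(SAMPLE_POST, allow_html=mode)
        print(f"allow_html={mode}: poster tags in output = {poster_supplied_tags(out)}")
        print(out, end="\n\n")
```

With escaping on, the only tags in the output are the ones the renderer generated; with it off, the poster's `<script>` and unclosed `<div>` reach the page as markup served from the forum's own origin.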

