Thread: Why is HTML in forums so dangerous?
View Single Post
  #3  
Old 06-11-2006, 03:55 PM
Zachariah's Avatar
Zachariah Zachariah is offline
 
Join Date: Feb 2002
Location: Canoga Park, CA
Posts: 2,125
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by bairy
Aside from screwing up the layout, why is it so dangerous?
One example: I go to your website all the time. It's great. One day go to a HTML thread on your site made by someone who wants to destroy end-user computers with spyway and virus with 1000's of pop ups.

There are times when I enable HTML

- Site staff access to post only
- trusted usergroup w/ users (people that need it on for whatever reason)
- moderated post/thread rights on the forum if open to every day members


Quote:
And couldn't the vb team put a filter of 'safe' tags as other sites (blogger, livejournal) do? It's just sometimes a <table> with css would be really useful in a post.
I have not looked yet, but I bet there are a few hacks out there with a bunch of BB Codes in 1 package. I recall a lot of CSS/HTML markup BB codes for text some time ago.


Custom BB Codes - vBulletin Manual
Its syntax is similar to HTML, but it has the benefit that you (the administrator) can define exactly what codes are allowable in order to prevent unwanted formatting or malicious use.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01217 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete