Thread: Why is HTML in forums so dangerous?
View Single Post
  #4  
Old 06-12-2006, 08:12 PM
good2laugh good2laugh is offline
 
Join Date: Jul 2002
Location: London
Posts: 51
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Zachariah

There are times when I enable HTML

- Site staff access to post only
- trusted usergroup w/ users (people that need it on for whatever reason)
- moderated post/thread rights on the forum if open to every day members

Hi, you mention trusted usergroup would or could this include users I've "created" to post RSS feeds. they are in a unique group which isn't viewable on groups and isn't joinable.

I've just noticed some of the yahoo alerts post html links which may be pictures of whatever, but just looks a mess. I don't want to moderate every post. As the users are made up by me is it safe to allow them to use html, I mean nobody can hijack their usename right? or wrong?
I've been hacked, as has others with similar forum topics - and that person is still around and determined to take us all down, so its quite important that I keep things as secure as poss - but I like this rss thingy and want it to post correctly.

In relation to this, I assume on VBoptions I have to allow html - and assume I then go to usergroup permissions to disallow it for all groups except my RSS feeders?

I know basic html only and am a master at the find this code, above that, add this code type instructions I get here.. but that is the extent of my knowledge, so please forgive me if I've just asked a bunch of stupid questions.

TIA
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01226 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete