This is one of the biggest security holes I have seen on here yet!!!! Allowing HTML, is one thing, but a SWF is totally different.
Yes, it could be used for pretty animations in signatures, but it can also be used for malicious purposes. Okay, many companies use flash adverts, but these are designed by professional flash authors who do not place actionscript in SWF files for other purposes.
SWF files do not need to be downloaded to your PC to infect it (You are correct on that remark!), with SWF's it's done on a much larger scale. SWF files can easily be coded to do call-backs, cause re-directs and much more.
Quote:
Please people, don't worry... be happy
|
People will not be happy when they lose their forums because of a modification, that has opened up their vBulletin to attacks.
I cannot see this modification being allowed to stay on vbulletin.org when it is such a high security risk to any forum!
It would not be too bad if it was Usergroup specific, but it is not even that.