[zetetic]

Quote:

Originally Posted by Brad.loo

Allowing html leads to javascript, or embeded flash .

I know. Some of my forum users have already posted some really cool stuff using javascript, embedded Flash, and other various applets. Some things that simply wouldn't be possible without HTML. I'm really looking forward to seeing what else they come up with.

Quote:

Such things can be powerful scripting tools and can take advanage of your users. With bbcode your server is in control of the code, with html on you depend on the end users machine which is always a bad thing when you are allowing users to pass said code to everyone!

Indeed. Hopefully our decision to limit HTML use to a select group of users and a continued policy of careful monitoring of the forum will prevent any possibly malicious users from causing any trouble.

Quote:

I wish you luck if you have enabled it, cause it won't be long..

A lot of people said exactly the same thing when I told them we didn't plan to moderate for content. For some crazy reason a lot of people seem to think the only possible way to run an Internet forum is like a fascist dictatorship. As I said earlier, though, we've been live a year and have a couple hundred regular, seemingly happy forum users. We're far from a huge forum, but we're not exactly struggling for visitors either.

The time may very well come that I have to disable HTML, make a bunch of strict rules and/or shut the forum down. But until then, I'm going to just keep doing what I think is best for the forum and my users. And at this time that means giving them features and not telling them what they can and cannot talk about.

Quote:

Originally Posted by filburt1

Using the built-in tags can only deceive the user at worst. HTML can take over your forums.

Hmm.. last time you said this I asked you exactly how someone could take over my forum using HTML, and you said they could steal my cookie and use it to login as me. But when I asked you to explain exactly how that's possible you said you don't like it when people argue with you. So are you going to tell me now exactly how someone can steal and use my cookies to take over my forum with HTML, or are you gonna get mad at me for asking again?

Quote:

Although I did disable the [img] tag at my site for security reasons, mainly for retarded bugs in IE that could attach VBScript to images.

Okay, well... if I felt that it was too much of a security risk to allow people to post images on my forum, I would take my forum offline. If all I wanted was a place for people to be able to chit chat in plaintext I'd start an IRC room.