Quote:
Originally Posted by tmhall
What are the insanely high security risks in enabling HTML?
|
How about opening you up to unwanted litigation for a start? In today's litigious society if one of your clients/customers gets hacked and they manage to trace it back to your board you're wide open for repurcussions.
Don't be naive enough to think your users won't come after you... we had a software company a few years ago and almost got into trouble ourselves. One of our clients' customer's computers got hit with a virus and they tried to blame our software. After many emails back and forth to our duplication company and several onsite visits, I was able to prove that the virus in fact, came from one of their own employees who was bringing infected disks in from home. He had been hacked and didn't even realize he was causing (and re-causing, and re-re-causing, etc...) the problem!
If I hadn't overheard a conversation about it being the fifth time their systems had to be cleaned (four before they purchased our software), our software company would've been ruined.
I have to agree with the group - raw html is too dangerous!