The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
HTLML in posts
Allowing HTML in posts.
I'm a bit perplexed as to why VB has this option, I thought there were real security issues in allowing HTML in posts. I have to admit there are times when I have wanted to use it, so can someone explain why the option is there, and what the real risks are to allowing it, even if it is for Admins only ? |
#2
|
|||
|
|||
They don't recommend it. It's even disabled by default.
|
#3
|
|||
|
|||
Which is what I knew, so why include it in the first place !!
|
#4
|
|||
|
|||
I'm not an expert on the subject, but I think the risks range from mostly harmless "broken" html that might make the page look wrong, to running scripts or other things that could be harmful or trick users into doing something (because users will trust it like it's your site).
As for why it's an option, I guess there might be situations where the forum owner decides to take the risk, like maybe a company internal forum where all the members are employees (or maybe if you trust everyone who has permission to post, like all admins). It's a simple option to implement, because in the end the post has to be html, so really it's just turning off the processing that would otherwise need to be done. |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|