Malicious HTML Tags


Ron — DCS
Sun 9th Jun '02, 1:18pm
I'm not sure which forum to put this in, the "How Do I" or this forum...so it's going here for now! :D

Anyway, I have not enabled HTML on my site because I want to eliminate all of the possible so-called "malicious" tags that can create havoc on such a board as this...what I would like to know is:

(1) A complete listing of all the possible malicious tags out there. :D J/K, I know this is probably not possible, but please let me know the MOST COMMON ones to eliminate.

(2) How to go about eliminating such tags...is there an easy, "Admin Control Panel" way to do it, or do I have to hack up some of the pages? If so, which pages do I hack up?

Thanks!

Dan615
Sun 9th Jun '02, 11:52pm
The only ones that can do some real real real real damage are the <script> tags...which means the <a> tags, since they can execute script code using hyperlinks...others would be <form><input><textarea><select> etc. so they can't go playing with forms...formatting tags are harmless, like <address> or <acronym> or something...it's really up to you to decide what you want your users to be able to do.

nuno
Sun 9th Jun '02, 11:55pm
<iframe>

plattopus
Wed 19th Jun '02, 1:25am
<iframe> and <script> would be the worst... because <script> can be used to run Javascripts on the page, and <iframe> can be used to open a page with a <script> on it if <script> is disabled on your forums.

Chen
Wed 19th Jun '02, 3:22am
http://www.vbulletin.com/forum/showthread.php?s=&threadid=36504

scoutt
Thu 20th Jun '02, 5:01pm
On the note that firefily left, the link that he provided I would like to comment on. As I can't post in that forum I would like to post it here. If it is wrong, then I will delete it.

smachol
How is allowing images a 'security risk'? It may open the door to abuse (links to porno shots) but I fail to see what the security risk is.
The reason it is a security risk is because you can have an img link look like so

<img src="www.somebodies_site.com/file.php">

as that can be harmful. Although it can be an image I am sure the file could do some damage. Something to think about......
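
An added example, not part of any post in this thread and not vBulletin code: the thread lists tags to remove, and the same goal can be met from the other direction by keeping only an allow-list and discarding everything else. The tag sets, the `PostSanitizer` class and the `sanitize` function are assumptions made for this sketch.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: formatting tags plus http(s) links only.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "address", "acronym", "a"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "textarea", "select"}
SAFE_SCHEMES = {"http", "https"}


class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # >0 while inside a tag whose content is dropped

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}{self._safe_attrs(tag, attrs)}>")
        # Any other tag (img, form, input, ...) is dropped; its text is kept.

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data))

    @staticmethod
    def _safe_attrs(tag, attrs):
        # Only <a href> survives, and only with an http(s) scheme;
        # onclick, style, javascript: URLs and all other attributes are discarded.
        for name, value in attrs:
            if tag == "a" and name == "href" and value:
                if urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES:
                    return f' href="{escape(value.strip(), quote=True)}" rel="nofollow"'
        return ""


def sanitize(post_html):
    parser = PostSanitizer()
    parser.feed(post_html)
    parser.close()
    return "".join(parser.out)
```

An unclosed tag from `DROP_WITH_CONTENT` causes the rest of the post to be discarded, so malformed input fails closed.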