View Full Version : HTML security


theGAME
Fri 8th Dec '00, 7:22pm
What is wrong with leaving HTML codes On??

I mean, why is it considered insecure??
I hear a lot of Admins prefer to turn it Off all the time!!

Can someone tell me what the advantages of turning HTML Off are, in speed, security and everything?

Thanks

Wayne Luke
Fri 8th Dec '00, 10:39pm
Originally posted by theGAME
What is wrong with leaving HTML codes On??

I mean, why is it considered insecure??
I hear a lot of Admins prefer to turn it Off all the time!!

Can someone tell me what the advantages of turning HTML Off are, in speed, security and everything?

Thanks

<script language="javascript">
self.location="http://mysite.com"
</script>

theGAME
Fri 8th Dec '00, 11:50pm
What does that mean, wluke? :D

Martin
Fri 8th Dec '00, 11:54pm
It means they can plant JavaScript redirects or mouseovers or bombs in your code.

Of course, you can leave HTML on and filter "<javascript>" from posts...

Wayne Luke
Sat 9th Dec '00, 3:12am
True... Consider a post with something like:

<table><tr><td>Stuff</table>

theGAME
Sat 9th Dec '00, 3:16am
Ok, I got it :o

Thanks wluke & Martin

Sharg
Tue 12th Dec '00, 8:22pm
Ok, and besides JavaScript, what should we exclude?

I see html as a real extra value for a forum.

Benj

Wayne Luke
Tue 12th Dec '00, 8:30pm
I exclude all HTML, but provided a variety of custom bbCode tags that members could use for enhancing their posts.

http://www.sitepointforums.com/index.php?action=bbcode
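
Added example, not part of the original thread and not any forum package's own code: a sketch of the approach described in the post above, where all member-supplied HTML is escaped and only a small allowlist of bbCode tags is converted to markup. The tag set, the function names and the sample posts are assumptions made for illustration.

```javascript
// Added illustration; the tag set and function names are assumptions.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const SIMPLE_TAGS = { b: "strong", i: "em", u: "u", quote: "blockquote" };

// Turn every HTML metacharacter into an entity so member input is inert text.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Allowlist, not blocklist: only absolute http(s) URLs become links.
function isSafeUrl(url) {
  return /^https?:\/\/[^\s<>"']+$/i.test(url);
}

function renderPost(raw) {
  // 1. Escape first, so the only markup in the output is markup emitted below.
  let out = escapeHtml(raw);

  // 2. [url=...]label[/url]: the URL cannot contain "]" or whitespace, and
  //    quotes were already escaped, so it cannot break out of the attribute.
  out = out.replace(/\[url=([^\]\s]+)\]([\s\S]*?)\[\/url\]/gi, (whole, url, label) =>
    isSafeUrl(url) ? `<a href="${url}" rel="nofollow">${label}</a>` : whole);

  // 3. Paired simple tags only; repeat until stable to handle nesting.
  //    An unclosed [b] stays literal, so every opened element is also closed.
  let previous;
  do {
    previous = out;
    out = out.replace(/\[(b|i|u|quote)\]([\s\S]*?)\[\/\1\]/gi, (whole, tag, body) => {
      const el = SIMPLE_TAGS[tag.toLowerCase()];
      return `<${el}>${body}</${el}>`;
    });
  } while (out !== previous);

  // 4. Preserve line breaks.
  return out.replace(/\r?\n/g, "<br>\n");
}

// Constructed sample posts, including the two snippets quoted in the thread.
const samples = [
  '<script language="javascript">\nself.location="http://mysite.com"\n</script>',
  "<table><tr><td>Stuff</table>",
  "[b]bold[/b] and [b]unclosed, see [url=http://mysite.com]my site[/url]",
];
for (const s of samples) console.log(renderPost(s));
```

Because escaping happens before any tag conversion, the redirect script and the unclosed table from earlier in the thread both come out as visible text instead of live markup.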

Sharg
Wed 13th Dec '00, 6:49am
Good, wluke, it's much better like you do, I'm going to do the same.

Thanks,
Benj