HTML for hackers ??

**WizyWyg** · Thu 23 Oct '03, 12:59pm

Originally posted by Gaim Mastr

I've read several suggestions for turning HTML off in posts, as leaving it on can pose a security risk.

How much of a security risk does enabling HTML in posts actually cause ??

What could some degenerate hacker actually do with such a feature ??

Well tons of things,
like hijacking peoples browsers with embedded java scripting.
download trojans from another website.
spyware.

**Gaim Mastr** · Sat 25 Oct '03, 7:15am

Thank you very much for your reply.

Would I be correct in guessing that the HTML risk is applied to those who visit and click on a thread or post, and not really a security threat to the mesage board itself ??

**Sylvus** · Sat 25 Oct '03, 7:37am

Originally posted by Gaim Mastr

Thank you very much for your reply.

Would I be correct in guessing that the HTML risk is applied to those who visit and click on a thread or post, and not really a security threat to the mesage board itself ??

No, not at all. Using HTML is a security risk, period. Giving users the ability to use HTML in their posts or signatures means that anything you can do with HTML, you can do on your forum and that's what you want to avoid.

Users don't need HTML and if you do, make a seperate forum, like an announcement forum where only you have access to post and no one can reply.

Otherwise, you're just setting yourself up for a nasty downfall.

Syl...

**Matthew Gordon** · Sat 25 Oct '03, 1:38pm

...or you can create a hack to allow only yourself to be able to use HTML.

**Floris** · Sat 25 Oct '03, 2:56pm

What happens if a user quotes

**Matthew Gordon** · Sat 25 Oct '03, 3:35pm

Then the HTML wouldn't work, of course.

**Gaim Mastr** · Sat 25 Oct '03, 7:18pm

Thank you all very much !!

I ask because for almost 2-years my message board members have enjoyed using HTML in their posts, as have I.

Given a choice, I'd do away with all of this vB code and force all users to use HTML by default. But, as our place continues to expand, it's not worth waiting for a problem to happen.

I suppose I'll have to create new vB code to match the most common HTML used by members. No problem.

Thanks for all of your responses !!

HTML for hackers ??

HTML for hackers ??

Comment

Comment

Comment

Comment

Comment

Comment

Comment