| Author |
Message |
nb1
Regular
Joined: Mar 03, 2005
Posts: 94
Location: OZ
|
 Posted:
Tue Sep 19, 2006 5:43 pm |
|
Are these safe tags for a
Forum and what is the security risk of the enabling HTML in Forum
Code:div,EM,EMBED,FORM,H1,h2,h3,h4,h5,h6,head,hr,HTML,IMG,INPUT,LI,LINK,MENU,META,OL,OPTION,OBJECT,ID,OBJECTID,P,param,style,script,SMALL,STRONG,src,youtube
|
|
_________________
Member Of The Windows Vista help and Support Community |
|
   
 |
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Tue Sep 19, 2006 6:11 pm |
|
Ummm...that would take a small book to answer.
In short, no, some of them are not safe for forum posts. EMBED, OBJECT, OBJECTID and SCRIPT are definitely out since they would be used to post malicious stuff. Even img / src and youtube (when did this become valid HTML?) need to be handled carefully.
Why would you want form, head, html, menu, meta, option, param in a forum post? |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
nb1
|
| Posted:
Tue Sep 19, 2006 7:01 pm |
|
Actually this is a site that I help with and I have suggested that these tags were unsafe if you can give me somewhere to look up more information it would be appreciated |
| |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Tue Sep 19, 2006 7:10 pm |
|
There have been many issues with the HTML filtering in phpBB. Someone is always trying to bypass it. Disable HTML completely, it is much better to just use BBCode |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
|
stormer
New Member
Joined: Sep 14, 2006
Posts: 3
|
| Posted:
Tue Sep 19, 2006 8:25 pm |
|
If I may ask ,, If embed is the only html that is allowed , then what would be the difference in using <embed> (HTML) for a youtube video or using [youtube] BBCode? And like i said embed is all thats allowed ,,
Thanks |
| |
|
|
|
|
evaders99
|
| Posted:
Tue Sep 19, 2006 10:11 pm |
|
Well does this [youtube] BBCode have proper protection? Does it allow only YouTube links... or is it just a hack for using embed. Embed is quite dangerous, as it allows any of kind of ActiveX control or plugins to be used |
| |
|
|
|
|
stormer
|
| Posted:
Tue Sep 19, 2006 10:32 pm |
|
Ok the thing here I enjoy making little flash images and posting them in my forums for everyone,, and a few members do also ,, but at the same time I do want everything secure also. Is there not away to allow some members to be able to post flash while not allowing others , Like friends that are known and just someone that came in and registered they would have to post some and let everyone get to know them first,, Is there someone that could wright a script like this? |
| |
|
|
|
|
evaders99
|
| Posted:
Wed Sep 20, 2006 7:36 am |
|
I'm sure there should be some way to do it, might want to ask the guys at phpBB.com
Don't mention you use phpNuke though or they won't respond |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
