HTML and Javascript -- Dangers [message #163907] |
Fri, 10 December 2010 18:16 |
wittrs
Messages: 134 Registered: August 2009
Karma: 0
|
Senior Member |
|
|
I was thinking of making my board html friendly. What are the dangers of doing this? If you allow people to post html, would it exclude javascript?
If one was going to do this in a particular forum, the safest way would be to make the forum moderated, right? That would eliminate any problem?
Yours, thankful.
|
|
|
|
Re: HTML and Javascript -- Dangers [message #163919 is a reply to message #163911] |
Sat, 11 December 2010 19:27 |
Ernesto
Messages: 413 Registered: August 2005
Karma: 0
|
Senior Member |
|
|
XSS cross site scripting.
No, moderating the forum would not eliminate the problem, then the moderator would be volnurable when previewing the message.
HTML enabled forums is a huge huge nono unless only site managers, etc, are allowed to post to it.
You must never allow end-users to supply HTML code unless you have a rock solid bullet proof parser that removes bad or dangerous HTML code.
Ginnunga Gaming
|
|
|