FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » HTML and Javascript -- Dangers
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
HTML and Javascript -- Dangers [message #163907] Fri, 10 December 2010 18:16 Go to next message
wittrs is currently offline  wittrs   United States
Messages: 134
Registered: August 2009
Karma: 0
Senior Member
I was thinking of making my board html friendly. What are the dangers of doing this? If you allow people to post html, would it exclude javascript?

If one was going to do this in a particular forum, the safest way would be to make the forum moderated, right? That would eliminate any problem?

Yours, thankful.
Re: HTML and Javascript -- Dangers [message #163911 is a reply to message #163907] Sat, 11 December 2010 04:05 Go to previous messageGo to next message
naudefj is currently offline  naudefj   South Africa
Messages: 3771
Registered: December 2004
Karma: 28
Senior Member
Administrator
Core Developer
As far as I understand malicious HTML/JS code won't do any damage to your forum.
However, it may do unwanted things on user's PC when the HTML/JS is rendered.
For example, expose session details, thus allowing accounts to be hijacked.
Re: HTML and Javascript -- Dangers [message #163919 is a reply to message #163911] Sat, 11 December 2010 19:27 Go to previous message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
XSS cross site scripting.

No, moderating the forum would not eliminate the problem, then the moderator would be volnurable when previewing the message.

HTML enabled forums is a huge huge nono unless only site managers, etc, are allowed to post to it.

You must never allow end-users to supply HTML code unless you have a rock solid bullet proof parser that removes bad or dangerous HTML code.


  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Downloading all posts in these forums ?
Next Topic: Problem attaching files in FUDForum 2.8.1
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Oct 31 23:55:10 GMT 2024

Total time taken to generate the page: 0.02058 seconds