It seems that alot of forums are too afraid to allow HTML, are people just being paranoid?
It seems that alot of computer users are too afraid to open attachments sent to them from random addresses, are people just being paranoid?
Daniweb _could_ allow a limited subset of HTML, but it would provide no more functionality than the bbcode*. And bbcode is much less verbose. The focus of a forum is discussions, not colors and other crapulence; consider yourself lucky to have any formatting at all.
* Oh I'm sorry, is it not really called bbcode on vbulletin forums? :-) ~looks at bottom~ Ah, it's "vB" code. Way to reuse an initialism, vBulletin guys.
One good reason for not allowing HTML is that many of these sorts of forums offer HTML help -- and when giving HTML help, it's not good to have your HTML code examples get left as HTML instead of being converted to < and >.
If forums allows HTML then it would be victim of HTML Injection attack also known as Cross Site Scripting.
Basically this attack means, whenever any user creates post then when that post is visible on page and if the HTML is allowed then is would also execute in page.
There are lot of other issues, I just gave one example.
By the way Nice Question !! and Nice response from all people.. :)
Thanks for your point.
Thread may be old but information can't ..still today lots of people don't know about these issues and lots of new websites contains these security issues.
You may find it out dated but for lot of people it may be informative.