It seems that a lot of forums are too afraid to allow HTML; are people just being paranoid?

It seems that a lot of forums are too afraid to allow HTML; are people just being paranoid?

Yes, they are sooooo paranoid.

My motto (and yes, I am paranoid): just because you're paranoid doesn't mean they're not after you.

just because you're paranoid doesn't mean they're not after you.

I believe Kurt Cobain said that...

He may, but I made it up myself (no fan of him :) ).

It seems that a lot of forums are too afraid to allow HTML; are people just being paranoid?

It seems that a lot of computer users are too afraid to open attachments sent to them from random addresses; are people just being paranoid?

Daniweb _could_ allow a limited subset of HTML, but it would provide no more functionality than the bbcode*. And bbcode is much less verbose. The focus of a forum is discussions, not colors and other crapulence; consider yourself lucky to have any formatting at all.

* Oh I'm sorry, is it not really called bbcode on vbulletin forums? :-) ~looks at bottom~ Ah, it's "vB" code. Way to reuse an initialism, vBulletin guys.

The problem with HTML is the security on forums. Sure, you can ban certain tags, but it's much more convenient just to disable it and use the almighty BBCODE! :D

Cheers

A far bigger problem is the flood of flashing text, scrolling text, flash applets, and such crap that people will start to post.

It seems that a lot of computer users are too afraid to open attachments sent to them from random addresses; are people just being paranoid?

Why on earth would someone want to open an attachment from a random address???

That's not being paranoid, that's just common sense!

One good reason for not allowing HTML is that many of these sorts of forums offer HTML help -- and when giving HTML help, it's not good to have your HTML code examples get left as HTML instead of being converted to &lt; and &gt;.

Why on earth would someone want to open an attachment from a random address???

To find unique goodies.

To find unique goodies.

Umm, yeah... well I guess... if you actually LIKE getting viruses, trojans, and other malware; not too many people like that though. :rolleyes:

Umm, yeah... well I guess... if you actually LIKE getting viruses, trojans, and other malware; not too many people like that though. :rolleyes:

NOOO! Free software, love letters, and pictures of nekkid Anna Kournikova.
And of course all those returned documents you can't remember sending. Got to know what's in those.

Umm, yeah... well I guess... if you actually LIKE getting viruses, trojans, and other malware; not too many people like that though. :rolleyes:

You can get viruses on a computer?

You can get viruses on a computer?

The Guide explains how the entire population of the planet Golgafrincham was exterminated by a virus contracted from a dirty telephone; the same could happen easily from a computer keyboard.

Here are the reasons:

- If it supports HTML, that means they also support JavaScript or VBScript
- Users and affect virus, spyware, trojan
- Mess up the forum, for example if you post </tr><tr> or something, etc...
- more....

If a forum allows HTML then it would be a victim of an HTML injection attack, also known as Cross Site Scripting.
Basically this attack means that whenever any user creates a post, then when that post is visible on the page and HTML is allowed, it would also execute in the page.
Now if some user has entered some JavaScript redirection script that would redirect the visitor to his/her portfolio website, then whenever anyone opens the forum page, he will be redirected to the portfolio website.
There are a lot of other issues; I just gave one example.

By the way Nice Question !! and Nice response from all people.. :)

You do realise this thread was almost 5 years old...

Thanks for your point.
Thread may be old but information can't ..still today lots of people don't know about these issues and lots of new websites contain these security issues.
You may find it outdated but for a lot of people it may be informative.

Some allowed the tags or some not.....

commented: spam +0

Prevents XSS attacks and lulz.

For an example, if I post this code:

<script>
for(i=0;i<document.anchors.length;i++){
document.anchors[i].href = "http://www.youtube.com/watch?v=oHg5SJYRHA0";
}
</script>

Every link on that forum page will result in a rickroll.
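
The concerns raised across this thread (posted scripts, layout-breaking tags such as `</tr><tr>`, and HTML help examples that should display as `&lt;` and `&gt;`) are all handled by escaping every post on output and translating only a small tag vocabulary. The following is an added example, not part of any post and not DaniWeb's or vBulletin's code; the function names and the three-tag allowlist are assumptions for illustration.

```javascript
// Added example: escape everything, then allow only a tiny BBCode vocabulary.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const HTML_TAG = { b: 'strong', i: 'em', url: 'a' }; // assumed allowlist

// Output-encode HTML-significant characters so posted markup is shown, not parsed.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Accept only absolute http(s) URLs; javascript:, data: and relative forms fail.
function safeUrl(raw) {
  try {
    const url = new URL(raw);
    return ['http:', 'https:'].includes(url.protocol) ? url.href : null;
  } catch (_) {
    return null;
  }
}

function renderPost(raw) {
  const tagRe = /\[(\/?)(b|i|url)(?:=([^\]\s]+))?\]/gi;
  const open = []; // stack of open tags, so unclosed ones cannot leak into the page
  let out = '';
  let last = 0;
  for (const m of raw.matchAll(tagRe)) {
    const [whole, closing, nameRaw, arg] = m;
    const name = nameRaw.toLowerCase();
    out += escapeHtml(raw.slice(last, m.index));
    last = m.index + whole.length;
    const href = !closing && name === 'url' && arg ? safeUrl(arg) : null;
    if (closing && !arg && open[open.length - 1] === name) {
      out += `</${HTML_TAG[open.pop()]}>`;
    } else if (href) {
      open.push(name);
      out += `<a href="${escapeHtml(href)}" rel="nofollow noopener">`;
    } else if (!closing && !arg && name !== 'url') {
      open.push(name);
      out += `<${HTML_TAG[name]}>`;
    } else {
      out += escapeHtml(whole); // anything else stays visible as plain text
    }
  }
  out += escapeHtml(raw.slice(last));
  while (open.length) out += `</${HTML_TAG[open.pop()]}>`;
  return out;
}

// Constructed sample posts, modelled on the ones quoted in the thread.
console.log(renderPost('<script>document.title = "x";</script>'));
console.log(renderPost('</tr><tr> [b]unclosed bold'));
```

Because text is escaped before any tag is emitted, the only HTML that reaches the page is what `renderPost` itself writes, and every tag it opens is closed before the post ends.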
