0

Hi people.
I'd like to allow HTML code in my forum but I don't know how :)
Would any of you explain to me how I could do it?
Regards

6
Contributors
15
Replies
16
Views
6 Years
Discussion Span
Last Post by diafol
0

Assuming you are using php,

You have to use htmlentities() function for that, also try nl2br() function for new line.

0

I substituted all <> with () but it says it's not supported.
Would you please be so kind as to tell me how to use nl2br()?
Regards

0

> 'd like to allow HTML code in my forum but I don't know how

Ahem, did you read the bit about security?

You'd be better off allowing certain BBCodes than giving somebody carte-blanche to paste in any old rubbish. Leaving off certain close tags could mess up your page layout or js scripts could hijack the page.

0

The forum will be locked and invisible for the guests so the security will not be an issue.
Please help

0

the security will not be an issue

I'm no expert on the topic, so this is just a thought, but what happens if one of your trusted users has a weak password and the account is compromised?

0

Weak passwords will not be allowed.
I would need a suggestion or a lead how to do it.

1

Even strong passwords are crackable and it won't stop the user being subjugated to phishing. I would go with ardav and only allow bbcode.

Votes + Comments
Thank you
0

Thanks guys for all your care for the security of my forum but I'd sincerely like someone to tell me how to allow it. I also got the information that allowing HTML in phpBB3 is disabled because of security reasons but I'm still not sure if it's 100% true.

0

If you're using phpBB then there should be an option in the administrator settings somewhere to allow it. I haven't used the most recent version though so I don't know if the option has been removed.

0

Although you could do it, it doesn't mean that you should. The HTML facility was taken out of phpBB3 AFAIK due to security issues. You seem absolutely determined to go through with it. Here's a phpBB3 mod that will allow you to enable HTML:

http://lithiumstudios.org/forum/viewtopic.php?f=31&t=535

I would read the disclaimer before the download link.

This post is also interesting:

http://www.phpbb.com/community/viewtopic.php?f=46&t=1822125&start=0

I think you're mad to do this, but hey, not my prob.

Edited by diafol: n/a

0

Dear Ardav,
Your help is more than appreciated.
If there is anything I may help with don't hesitate to contact me.
Enjoy in the rest of your day.
Skrljut

0

if you are using PHP forum, then you should use htmlentities() to allow

0

Gants,

When you mention the entities(), do you think only to substitute these <> with these ()?
I am asking because I have already tried that and it didn't work.

Regards

0

You need to ensure that you strip out any <script> or <link> stuff and that all tags are properly closed. For example if an user were to post '<strong>jvwjnvj' and leave it at that, would that then show the rest of the page below his displayed message as BOLD type? You are trusting users to create well-formed html and not to post malicious js or css.


> When you mention the entities(), do you think only to substitute these <> with these ()?
I am asking because I have already tried that and it didn't work.


If you are using tag replacement, use BBCode.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.