Member Avatar for Skrljutak

Hi people.
I'd like to allow HTML code in my forum but I don't know how :)
Would any of you explain to me how I could do it?
Regards

  • 6 Contributors
  • 15 Replies
  • 377 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 15 Replies

Member Avatar for Gem4

Assuming you are using php,

You have to use htmlentities() function for that, also try nl2br() function for new line.

Member Avatar for Skrljutak

I substituted all <> with () but it says it's not supported.
Would you please be so kind as to tell me how to use nl2br()?
Regards

Member Avatar for diafol

> 'd like to allow HTML code in my forum but I don't know how

Ahem, did you read the bit about security?

You'd be better off allowing certain BBCodes than giving somebody carte-blanche to paste in any old rubbish. Leaving off certain close tags could mess up your page layout or js scripts could hijack the page.

Member Avatar for Skrljutak

The forum will be locked and invisible for the guests so the security will not be an issue.
Please help

Member Avatar for jonsca

the security will not be an issue

I'm no expert on the topic, so this is just a thought, but what happens if one of your trusted users has a weak password and the account is compromised?

Member Avatar for Skrljutak

Weak passwords will not be allowed.
I would need a suggestion or a lead how to do it.

Member Avatar for Borzoi

Even strong passwords are crackable and it won't stop the user being subjugated to phishing. I would go with ardav and only allow bbcode.

commented: Thank you +6
Member Avatar for Skrljutak

Thanks guys for all your care for the security of my forum but I'd sincerely like someone to tell me how to allow it. I also got the information that allowing HTML in phpBB3 is disabled because of security reasons but I'm still not sure if it's 100% true.

Member Avatar for Borzoi

If you're using phpBB then there should be an option in the administrator settings somewhere to allow it. I haven't used the most recent version though so I don't know if the option has been removed.

Member Avatar for Skrljutak

Thanks Borzoi

Member Avatar for diafol

Although you could do it, it doesn't mean that you should. The HTML facility was taken out of phpBB3 AFAIK due to security issues. You seem absolutely determined to go through with it. Here's a phpBB3 mod that will allow you to enable HTML:

http://lithiumstudios.org/forum/viewtopic.php?f=31&t=535

I would read the disclaimer before the download link.

This post is also interesting:

http://www.phpbb.com/community/viewtopic.php?f=46&t=1822125&start=0

I think you're mad to do this, but hey, not my prob.

Edited by diafol because: n/a
Member Avatar for Skrljutak

Dear Ardav,
Your help is more than appreciated.
If there is anything I may help with don't hesitate to contact me.
Enjoy in the rest of your day.
Skrljut

Member Avatar for Gants

if you are using PHP forum, then you should use htmlentities() to allow

Member Avatar for Skrljutak

Gants,

When you mention the entities(), do you think only to substitute these <> with these ()?
I am asking because I have already tried that and it didn't work.

Regards

Member Avatar for diafol

You need to ensure that you strip out any <script> or <link> stuff and that all tags are properly closed. For example if an user were to post '<strong>jvwjnvj' and leave it at that, would that then show the rest of the page below his displayed message as BOLD type? You are trusting users to create well-formed html and not to post malicious js or css.


> When you mention the entities(), do you think only to substitute these <> with these ()?
I am asking because I have already tried that and it didn't work.


If you are using tag replacement, use BBCode.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.