Topic: To HTML or not?

If I were to say that I was considering removing the ability to allow HTML in posts and signatures, what would you respond?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: To HTML or not?

No problem, this is a good thing, removes the ability for stupid admins to let their users make a mess of the forum :)

Re: To HTML or not?

I would just put it back in so it doesn't matter to me. :)

- kriptonic

Re: To HTML or not?

Kryptonic: So you're saying you need to be able to post with HTML?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: To HTML or not?

Removing HTML sounds great to me.

-

Re: To HTML or not?

I'd say it doesn't matter if there is a pretty flexible BBCode-system-thingie that one can extend if special tags are needed for example.

Re: To HTML or not?

fine with me, as I have it toggled off

Re: To HTML or not?

What about enabling HTML as an option?

Re: To HTML or not?

Lucas wrote:

What about enabling HTML as an option?

That's what it is now.

Re: To HTML or not?

I'm still not sure about this and would like to hear more opinions on the matter before I make up my mind. What I'm talking about is removing the ability to use HTML in posts and in signatures. Currently, the administrator can decide whether that should be allowed or not (Admin/Permissions). I want to remove it altogether. The reasons are many. Preventing cross site scripting being the primary concern.

So, could you live without it?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: To HTML or not?

I can only come up with 1 thing, maybe you want html for tables, but that can probably be solved in some other way, what are the reasons to have html in the forum?

Re: To HTML or not?

Yeah, but allowing users to do their own tables is seldom a good idea. They could just enter </table> and then the page layout would be destroyed.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: To HTML or not?

Even worse, someone could include some <script>-tags with a javascript which sends the cookie to a cracker/hacker/whatever... Then they can use MD5-Crack to decrypt it. Or does PunBB use sessions?

Re: To HTML or not?

No one needs it for normal "forum editing" anyway. Then it's settled! HTML has to go.

-

Re: To HTML or not?

Samuel LB wrote:

Even worse, someone could include some <script>-tags with a javascript which sends the cookie to a cracker/hacker/whatever... Then they can use MD5-Crack to decrypt it. Or does PunBB use sessions?

PunBB only uses cookies. What you just said about the javascript is exactly what I want to avoid. It is also what I meant when I said "Preventing cross site scripting being the primary concern" :)

Piggymon wrote:

No one needs it for normal "forum editing" anyway. Then it's settled! HTML has to go.

Yes, I believe it is :)

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: To HTML or not?

Samuel LB wrote:

Even worse, someone could include some <script>-tags with a javascript which sends the cookie to a cracker/hacker/whatever... Then they can use MD5-Crack to decrypt it. Or does PunBB use sessions?

The correct term is cracker. And there is no MD5 crack. When you put a string of data through MD5, you cannot reverse it.

And Kenel, if you do remove HTML, leave the basic bb codes (bold, italics and underline).

"You start coding. I'll go find out what they want." - Computer Analyst to Programmer

Re: To HTML or not?

The correct term is cracker.

I knew someone would say that. Anyway, hackers do crack people's passwords, but they don't destroy anything.

When you put a string of data through MD5, you cannot reverse it.

There's a program called MD5-Crack which CAN reverse MD5's. Anyway, it takes a little time...

Re: To HTML or not?

Mako wrote:

And Kenel, if you do remove HTML, leave the basic bb codes (bold, italics and underline).

Yes, of course. I might even add more bbcodes. We'll see.

About MD5. It is impossible to reverse an MD5 checksum. You can however brute force it by trying all possible combinations. If the password is 8 bytes long with lowercase, uppercase and numeric characters it takes frikken forever though :) The most popular tool for brute forcing MD5 passwords is John The Ripper.

"Programming is like sex: one mistake and you have to support it for the rest of your life."
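Added example, not PunBB's code and not written by anyone in this thread: a Python sketch of the approach the thread settles on, where all HTML in a post is escaped and only the three BBCodes mentioned (bold, italics, underline) are turned into markup. The function name `render_post`, the tag mapping and the sample posts are assumptions made for illustration.

```python
import html
import re

# Whitelist: BBCode name -> HTML element. Only the three tags named in the thread.
ALLOWED = {"b": "strong", "i": "em", "u": "u"}
TAG_RE = re.compile(r"\[(/?)([a-z]+)\]", re.IGNORECASE)

def render_post(raw: str) -> str:
    """Escape every piece of user text, then emit markup only for balanced,
    whitelisted BBCode. The user never supplies a literal '<' to the page."""
    out, stack, pos = [], [], 0
    for m in TAG_RE.finditer(raw):
        out.append(html.escape(raw[pos:m.start()]))  # text between tags
        pos = m.end()
        closing, name = m.group(1) == "/", m.group(2).lower()
        if name not in ALLOWED:
            out.append(html.escape(m.group(0)))      # unknown tag stays literal
        elif not closing:
            stack.append(name)
            out.append(f"<{ALLOWED[name]}>")
        elif stack and stack[-1] == name:
            stack.pop()
            out.append(f"</{ALLOWED[name]}>")
        else:
            out.append(html.escape(m.group(0)))      # stray or mis-nested close
    out.append(html.escape(raw[pos:]))
    # Close whatever is still open so one post cannot restyle the rest of the page.
    out.extend(f"</{ALLOWED[n]}>" for n in reversed(stack))
    return "".join(out)

# Constructed sample posts covering the two problems raised in the thread
# (a layout-breaking </table> and a <script> tag) plus an unclosed BBCode tag.
SAMPLES = [
    "[b]hi[/b] </table><script>alert(1)</script>",
    "[b]open [i]nested",
    "[/b] [url]x[/url]",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(render_post(post))
```
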

Re: To HTML or not?

I guess it can go. It would be good if you could have a feature to add BB Codes of your own then. So that if something that you want to use as HTML can be used as BB Code.

Re: To HTML or not?

I can live without HTML, but it would be nice to add some more BB Code

//Jocke

Re: To HTML or not?

Lucas wrote:

I guess it can go. It would be good if you could have a feature to add BB Codes of your own then. So that if something that you want to use as HTML can be used as BB Code.

Yes, it would be, but it doesn't feel like a feature for PunBB.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

22 (edited by Mako 2003-08-25 22:26)

Re: To HTML or not?

Samuel LB wrote:

I knew someone would say that. Anyway, hackers do crack people's passwords, but they don't destroy anything.

You notice the root word of "cracker" is "crack". A hacker would not crack passwords. A cracker would crack passwords. If you want the definition of a hacker, go here: http://www.mithral.com/~beberg/hacker.html

"You start coding. I'll go find out what they want." - Computer Analyst to Programmer