Allow HTML in posts

Everything related to MBoard - PHP message board
MrBaseball34
Posts: 11
Joined: Fri Jun 30, 2006 2:49 pm

Allow HTML in posts

Post by MrBaseball34 »

To allow HTML in your messages,

comment out this line
$in = htmlspecialchars($in);

in the function pj_input in mboard.php.
Klemen
Site Admin
Posts: 10114
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

True, but I advise everyone NOT to do that, as the script might then be vulnerable to XSS attacks. Use at your own risk...
Klemen, creator of HESK and PHPJunkyard
MrBaseball34
Posts: 11
Joined: Fri Jun 30, 2006 2:49 pm

Any other option?

Post by MrBaseball34 »

Would there be any other way to allow HTML?

I intend to modify to allow GeSHi syntax highlighting and it would really
destroy that plan if I am not able to do that.
yadav
Posts: 1
Joined: Thu Mar 05, 2009 12:48 pm

How about a secured HTML

Post by yadav »

Hi,

Is there any way we could allow HTML with no risk?
Klemen
Site Admin
Posts: 10114
Joined: Fri Feb 11, 2005 4:04 pm

Post by Klemen »

No, allowing HTML is a security risk.
jdmax
Posts: 2
Joined: Sat Jan 08, 2011 7:56 pm

Re: Allow HTML in posts

Post by jdmax »

Clearly, allowing HTML (http URLs) in the comments section of posts would cause serious problems. Spammers would fill your board with adverts to promote external sites. Free advertising etc. Also a hacker's paradise of free unlocked doors.

However, if one friend wishes to inform another friend of his or her URL, this is perfectly possible by simply making the address into words rather than a URL link.

My address would be therefore: jdmax dot net
We all know exactly what this means and we can type the URL into our address bar accordingly. We know to type 3 x W's, we know that dot means "." But a robot cannot do this and we have not created a hyperlink, so problem solved. Hackers tend not to read text, they simply seek hypertext links directly.

Friends can inform friends of their web address without typing the url or creating a hyperlink. I hope this helps.
bfn
John
konetkar500
Posts: 1
Joined: Thu Dec 20, 2012 12:29 pm

Re: Allow HTML in posts

Post by konetkar500 »

I feel allowing HTML is very dangerous, but is there any other way without any risk? Sometimes we find a link related to our site or our post in a comment, so how can we allow that without any risk?
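Added example, not part of the thread and not MBoard's own code: one common way to offer limited formatting while keeping the `htmlspecialchars()` call from `pj_input` in place is to escape the whole post first and only then convert a small allowlist of BBCode-style markers into fixed tags. The function name `render_post_example`, the marker set (`[b]`, `[i]`, `[code]`, `[url]`) and the sample post are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not MBoard code).
// Escape everything first, then map a fixed allowlist of markers to fixed tags.
// No user-supplied tag or attribute name ever reaches the page.
function render_post_example(string $in): string
{
    // Same idea as the htmlspecialchars() line in pj_input: neutralise < > & " '
    $out = htmlspecialchars($in, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Paired markers become tags without attributes.
    // preg_replace() returns null on error, so fall back to the escaped text.
    $map = [
        '~\[b\](.*?)\[/b\]~is'       => '<strong>$1</strong>',
        '~\[i\](.*?)\[/i\]~is'       => '<em>$1</em>',
        '~\[code\](.*?)\[/code\]~is' => '<pre><code>$1</code></pre>',
    ];
    foreach ($map as $pattern => $replacement) {
        $out = preg_replace($pattern, $replacement, $out) ?? $out;
    }

    // Links run last: only http/https URLs, and the attributes are fixed here.
    $out = preg_replace_callback(
        '~\[url\](.*?)\[/url\]~is',
        function (array $m): string {
            $url = trim($m[1]);                                   // already HTML-escaped
            $raw = html_entity_decode($url, ENT_QUOTES, 'UTF-8'); // validate decoded form
            if (!preg_match('~^https?://[^\s"\'<>]+$~i', $raw)) {
                return $m[0]; // not an allowed URL: leave the marker as plain text
            }
            return '<a href="' . $url . '" rel="nofollow noopener">' . $url . '</a>';
        },
        $out
    ) ?? $out;

    return $out;
}

// Constructed sample post: script tag, a normal link and a javascript: link.
$sample = '[b]Hi[/b] <script>alert(1)</script> '
        . '[url]https://example.com/?a=1&b=2[/url] [url]javascript:alert(1)[/url]';
echo render_post_example($sample), "\n";
```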