Allow HTML in posts

Posted: Fri Jun 30, 2006 4:24 pm
by MrBaseball34
To allow HTML in your messages,

comment out this line
$in = htmlspecialchars($in);

in this function pj_input in mboard.php.

Posted: Fri Jun 30, 2006 7:13 pm
by Klemen
True, but I advise everyone NOT to do that; then the script might be vulnerable to XSS attacks. Use at your own risk...

Any other option?

Posted: Fri Jun 30, 2006 8:17 pm
by MrBaseball34
Would there be any other way to allow HTML?

I intend to modify to allow GeSHi syntax highlighting and it would really
destroy that plan if I am not able to do that.

How about a secured HTML

Posted: Thu Mar 05, 2009 12:51 pm
by yadav
Hi,

Is there any way we could allow HTML with no risk?

Posted: Thu Mar 05, 2009 4:37 pm
by Klemen
No, allowing HTML is a security risk.

Re: Allow HTML in posts

Posted: Sat Jan 08, 2011 8:26 pm
by jdmax
Clearly, to allow HTML (http URLs) in the comments section of posts would cause serious problems. Spammers would fill your board with adverts to promote external sites. Free advertising etc. Also a hacker's paradise of free unlocked doors.

However, if one friend wishes to inform another friend of his or her URL, this is perfectly possible by simply making the address into words rather than a URL link.

My address would therefore be: jdmax dot net :roll:
We all know exactly what this means and we can type the URL into our address bar accordingly. We know to type 3 x W's, and we know that dot means "." But a robot cannot do this and we have not created a hyperlink, so problem solved. Hackers tend not to read text; they simply seek hypertext links directly.

Friends can inform friends of their web address without typing the URL or creating a hyperlink. I hope this helps.
bfn
John

Re: Allow HTML in posts

Posted: Fri Dec 21, 2012 9:14 am
by konetkar500
I feel allowing HTML is very dangerous, but is there any other way without any risk? Sometimes we find a link related to our site or our post in a comment, so how can we allow that without any risk?
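
Added example (not part of the thread and not the script's own code): a common middle ground is to keep the htmlspecialchars() call and then re-enable a small fixed set of bracket tags, so no visitor-supplied HTML ever reaches the page. The helper name render_post(), the tag set and the sample input are assumptions made for illustration.

```php
<?php
// Added example. render_post() is a hypothetical helper, not a function
// from mboard.php; the bracket-tag syntax is an assumption.
function render_post(string $in): string
{
    // 1. Escape everything first, as the original line does. ENT_QUOTES
    //    also escapes single quotes, so the text is safe inside attributes.
    $out = htmlspecialchars($in, ENT_QUOTES, 'UTF-8');

    // 2. Re-enable a fixed allow-list of attribute-free tags: [b]text[/b] etc.
    foreach (['b' => 'strong', 'i' => 'em', 'code' => 'code'] as $bb => $tag) {
        $out = preg_replace(
            '#\[' . $bb . '\](.*?)\[/' . $bb . '\]#is',
            '<' . $tag . '>$1</' . $tag . '>',
            $out
        ) ?? $out;
    }

    // 3. Links: only absolute http(s) URLs become anchors. Anything else
    //    (javascript:, data:, values containing spaces) stays as plain text.
    $out = preg_replace_callback(
        '#\[url\](.*?)\[/url\]#is',
        function (array $m): string {
            $url = $m[1]; // already HTML-escaped by step 1
            if (!preg_match('#^https?://[^\s<>"\']+$#i', $url)) {
                return $m[0];
            }
            // rel="nofollow" removes the search-ranking incentive for link spam.
            return '<a href="' . $url . '" rel="nofollow noopener">' . $url . '</a>';
        },
        $out
    ) ?? $out;

    return nl2br($out);
}

// Constructed sample post mixing allowed markup with raw HTML and a bad link.
$post = "[b]Hi[/b] <script>alert(1)</script>\n"
      . "[url]https://example.com/?a=1&b=2[/url]\n"
      . "[url]javascript:alert(1)[/url]";
echo render_post($post), "\n";
```

The script tag comes out as inert text, the https link becomes an anchor with an escaped query string, and the javascript: entry is left as literal bracket text.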