FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » HTML _and_ FUD ML in signatures
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
HTML _and_ FUD ML in signatures [message #3317] Mon, 17 June 2002 15:34 Go to next message
sverre is currently offline  sverre   Sweden
Messages: 11
Registered: February 2002
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Some of the users on my forum (2.0.2) would like to be able to use both HTML and FUDML in their signatures. Is that an intresting feature to add?

Re: HTML _and_ FUD ML in signatures [message #3318 is a reply to message #3317] Mon, 17 June 2002 15:55 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
We've considred this when we've first developed the forum and have come to a decision to support only 1 method at a time.
Supporting both can create confusion, since compatible HTML code would be converted to FUDcode etc...
I also STRONGLY recommend NOT to allow people to use HTML, since allowing users to insert HTML can allow users to create security issues but also break your layout.
For example: <img src="javascript: alert('HAHA');"> would result in an alter for every IE user, while an alert in not harmful by itself while(1) alert(); would cause a Denial Of Service Attack.
Considering how trivially easily it is to DOS a computer using JavaScript I believe allow people to enter raw HTML into their own messages is VERY BAD idea.


FUDforum Core Developer
Re: HTML _and_ FUD ML in signatures [message #3329 is a reply to message #3317] Mon, 17 June 2002 19:14 Go to previous messageGo to next message
Ecxeleron is currently offline  Ecxeleron   Australia
Messages: 187
Registered: January 2002
Location: Australia
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
I saw html enabled on a vbulletin board. It is seriously NOT a something I would do. HTML can doo much more than you think Smile


[Updated on: Mon, 17 June 2002 19:14]

Report message to a moderator

Re: HTML _and_ FUD ML in signatures [message #3330 is a reply to message #3318] Mon, 17 June 2002 19:26 Go to previous messageGo to next message
Olliver   Germany
Messages: 443
Registered: March 2002
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
Thus spake prottoss on Mon, 17 June 2002 21:55

[prelude snipped]
For example: <img src="javascript: alert('HAHA');"> would result in an alter for every IE user, while an alert in not harmful by itself while(1) alert(); would cause a Denial Of Service Attack.

well at least the IE recognizes malicious js loops and spits out a warning that the script would likely to consume loads of CPU time. Moz and afaik Opera haven't got a protection so u can easily nuke them with a while .. true loop. Another annoying thing is allowing ppl using HTML tags and they forget to close them properly. most cases the forum will get terribly spoiled while reading the thread. Wink
just my 2
good nite ^-^
Ken
Re: HTML _and_ FUD ML in signatures [message #3331 is a reply to message #3330] Mon, 17 June 2002 19:37 Go to previous message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
add to buddy list
ignore all messages by this user
Actually only IE grabs the javascript code inside <img src=""> and executes it. Which is pretty nasty since it is very easy to hide a hostile JavaScript inside an img src. IE also downloads entire webpages that are specified in SRC including making requests for all elements shown on the page. The latter is a commonly used techinque by scammers to inflate statistics.


FUDforum Core Developer
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Multiple styles
Next Topic: Option to show real names
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Oct 22 06:11:25 EDT 2017

Total time taken to generate the page: 0.00592 seconds