FUDforum
HTML and Javascript -- Dangers [message #163907] Fri, 10 December 2010 13:16
wittrs (United States, Senior Member)
I was thinking of making my board html friendly. What are the dangers of doing this? If you allow people to post html, would it exclude javascript?

If one was going to do this in a particular forum, the safest way would be to make the forum moderated, right? That would eliminate any problem?

Yours, thankful.
Re: HTML and Javascript -- Dangers [message #163911 is a reply to message #163907] Fri, 10 December 2010 23:05
naudefj (South Africa, Senior Member, Administrator, Core Developer)
As far as I understand, malicious HTML/JS code won't do any damage to your forum.
However, it may do unwanted things on the user's PC when the HTML/JS is rendered.
For example, it may expose session details, thus allowing accounts to be hijacked.
Re: HTML and Javascript -- Dangers [message #163919 is a reply to message #163911] Sat, 11 December 2010 14:27
Ernesto (Sweden, Senior Member)
XSS: cross-site scripting.

No, moderating the forum would not eliminate the problem; then the moderator would be vulnerable when previewing the message.

HTML-enabled forums are a huge, huge no-no unless only site managers, etc., are allowed to post to them.

You must never allow end-users to supply HTML code unless you have a rock-solid, bulletproof parser that removes bad or dangerous HTML code.
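
The safe default the replies point toward, shown as an added example (not part of the original thread and not FUDforum's own code): escape everything a user submits, then turn back into markup only exact, attribute-less tags from a short allowlist. The names `ALLOWED_TAGS`, `escapeHtml` and `renderPost` and the sample posts are assumptions made up for this illustration.

```javascript
// Added example: escape-by-default rendering with a small tag allowlist.
// ALLOWED_TAGS, escapeHtml and renderPost are names chosen for this example.
const ALLOWED_TAGS = new Set(['b', 'i', 'u', 'em', 'strong', 'code']);

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise every character that can start markup or break out of an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Render a user post: the whole post is escaped first, then only exact,
// attribute-less allowlisted tags are restored. Anything else stays inert text.
function renderPost(raw) {
  const open = []; // stack of allowlisted tags currently open
  const html = escapeHtml(raw).replace(/&lt;(\/?)([a-zA-Z]+)&gt;/g, (match, slash, name) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return match;          // e.g. script, img, iframe
    if (!slash) { open.push(tag); return `<${tag}>`; } // opening tag
    if (open[open.length - 1] !== tag) return match;   // stray or misnested close
    open.pop();
    return `</${tag}>`;
  });
  // Close whatever the author left open so it cannot restyle the rest of the page.
  return html + open.reverse().map((tag) => `</${tag}>`).join('');
}

// Constructed sample posts.
const samples = [
  'Hello <b>world</b>',
  '<script>alert(1)</script>',
  '<b onclick="x()">click</b>',
  '<i>unclosed',
];
for (const s of samples) console.log(renderPost(s));
```

A tag carrying any attribute never matches the restore pattern, so event handlers and `javascript:` URLs cannot pass through; supporting links or images would require a real HTML parser with per-attribute validation.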

