FUDforum: FUDforum Suggestions » HTML _and

Home » FUDforum » FUDforum Suggestions » HTML _and_ FUD ML in signatures

Show: Today's Messages :: Polls :: Message Navigator

HTML _and_ FUD ML in signatures [message #3317]

Mon, 17 June 2002 19:34

sverre

Messages: 11
Registered: February 2002

Karma: 0

Junior Member

Some of the users on my forum (2.0.2) would like to be able to use both HTML and FUDML in their signatures. Is that an intresting feature to add?

Report message to a moderator

Re: HTML _and_ FUD ML in signatures [message #3318 is a reply to message #3317]

Mon, 17 June 2002 19:55

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

We've considred this when we've first developed the forum and have come to a decision to support only 1 method at a time.
Supporting both can create confusion, since compatible HTML code would be converted to FUDcode etc...
I also STRONGLY recommend NOT to allow people to use HTML, since allowing users to insert HTML can allow users to create security issues but also break your layout.
For example: <img src="javascript: alert('HAHA');"> would result in an alter for every IE user, while an alert in not harmful by itself while(1) alert(); would cause a Denial Of Service Attack.
Considering how trivially easily it is to DOS a computer using JavaScript I believe allow people to enter raw HTML into their own messages is VERY BAD idea.

FUDforum Core Developer

Report message to a moderator

Re: HTML _and_ FUD ML in signatures [message #3329 is a reply to message #3317]

Mon, 17 June 2002 23:14

Ecxeleron

Messages: 187
Registered: January 2002
Location: Australia

Karma: 0

Senior Member

I saw html enabled on a vbulletin board. It is seriously NOT a something I would do. HTML can doo much more than you think Smile

[Updated on: Mon, 17 June 2002 23:14]

Report message to a moderator

Re: HTML _and_ FUD ML in signatures [message #3330 is a reply to message #3318]

Mon, 17 June 2002 23:26

Olliver

Messages: 443
Registered: March 2002

Karma: 0

Senior Member

Thus spake prottoss on Mon, 17 June 2002 21:55

[prelude snipped]
For example: <img src="javascript: alert('HAHA');"> would result in an alter for every IE user, while an alert in not harmful by itself while(1) alert(); would cause a Denial Of Service Attack.

well at least the IE recognizes malicious js loops and spits out a warning that the script would likely to consume loads of CPU time. Moz and afaik Opera haven't got a protection so u can easily nuke them with a while .. true loop. Another annoying thing is allowing ppl using HTML tags and they forget to close them properly. most cases the forum will get terribly spoiled while reading the thread. Wink

just my 2�
good nite ^-^
Ken

Report message to a moderator

Re: HTML _and_ FUD ML in signatures [message #3331 is a reply to message #3330]

Mon, 17 June 2002 23:37

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

Actually only IE grabs the javascript code inside <img src=""> and executes it. Which is pretty nasty since it is very easy to hide a hostile JavaScript inside an img src. IE also downloads entire webpages that are specified in SRC including making requests for all elements shown on the page. The latter is a commonly used techinque by scammers to inflate statistics.

FUDforum Core Developer

Report message to a moderator

Previous Topic:	Multiple styles
Next Topic:	Option to show real names

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Nov 24 16:57:10 GMT 2024

Total time taken to generate the page: 0.02944 seconds