MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Is enabling HTML in some forums a security risk?
Full Version: Is enabling HTML in some forums a security risk?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Renegader

2010-12-22, 05:41 AM
Is enabling HTML in forums where users can comment a security risk?

I have a WordPress and MyBB bridge and it has to have HTML otherwise it would stuff up.

Users and guests can comment, too - but they have to be moderated.

Joshua Mayer

2010-12-22, 05:55 AM
I believe it can, if someone posts a bad kind of HTML code, but I suggest using a HTML for usergroup's plugin, to limit which groups can use it. YOu can get one from MyBB Central but there may be one on the mods site.

Renegader

2010-12-22, 05:59 AM
Thanks, never thought of that actually. Wink

Matt

2010-12-22, 10:04 AM
<script> tags are automatically filtered out, but yes, it'd be better not to let everybody use it. You could break the layout or something with this:

<div style="width: 10000px; height: 10000px;></div>

TheGodFather

2010-12-22, 11:15 AM
never allow html for the known users/groups.
letting them post html can cause security risks as they can some codes to penetrate into your database, getting account informations and all.

Diogo Parrinha

2010-12-22, 11:29 AM
(2010-12-22, 05:55 AM)Joshua Mayer Wrote: [ -> ]I believe it can, if someone posts a bad kind of HTML code, but I suggest using a HTML for usergroup's plugin, to limit which groups can use it. YOu can get one from MyBB Central but there may be one on the mods site.

There's a free one here that I've coded.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Is enabling HTML in some forums a security risk?