MyBB Community Forums
[Still unsolved]HTML in profile fields? - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: General Support (https://community.mybb.com/forum-176.html)
+--- Thread: [Still unsolved]HTML in profile fields? (/thread-164425.html)



[Still unsolved]HTML in profile fields? - Leviathan - 2014-12-19

I have a plugin by the name of Advanced profile. It allows you to use HTML in your profile, thusly being able to make it look however you would like it to, embed apps, etc. which is highly demanded by my users. However, this plugin takes away the "warn" link for Administrators and Moderators. So this obviously won't do. I have tried other plugins, including Profile design, myprofile, and bbcode in profile. These have failed.

Is there any other way of allowing users to style their profiles with HTML or CSS?


RE: HTML in profile fields? - Destroy666 - 2014-12-19

If you want to enable HTML in a profile field, just go to ACP -> Configuration -> Custom Profile Fields -> [field] and tick Yes, allow HTML in this profile field. No need for a plugin.


RE: HTML in profile fields? - VoIP - 2014-12-19

I don't think allowing html, and css is a wise idea. You can import iframes, and scripts into the field thus making your site vulnerable.


RE: HTML in profile fields? - Destroy666 - 2014-12-19

(2014-12-19, 07:12 PM)Orianthi Wrote: I don't think allowing html, and css is a wise idea. You can import iframes, and scripts into the field thus making your site vulnerable.

If you enable the option I mentioned, using scripts is impossible since they're blocked by the parser.


RE: HTML in profile fields? - Nathan Malcolm - 2014-12-19

(2014-12-19, 07:37 PM)Destroy666 Wrote:
(2014-12-19, 07:12 PM)Orianthi Wrote: I don't think allowing html, and css is a wise idea. You can import iframes, and scripts into the field thus making your site vulnerable.

If you enable the option I mentioned, using scripts is impossible since they're blocked by the parser.

Not true. The parser is a blacklist, not a whitelist. There are lots of ways to bypass it -- one of the reasons it was planned to use HTML Purifier in 1.8 but it doesn't look like it was implemented.


RE: HTML in profile fields? - Leviathan - 2014-12-19

I appreciate the concern, but we are constantly looking for skilled web developers to moderate profile sections. Thank you very much for this.

Destroy, That did not work. Nobody can style their profile, and neither can I.