Disable Parsing HTML in all user content
#1
I am running through all the recommended security steps and this is the next on my list.

Per the MyBB Security Guide located at https://docs.mybb.com/1.8/administration...rotection/
Under MyBB — General Configuration / Disable HTML Parsing it states...

Parsing HTML in all user content (like posts and profile fields) is highly dangerous and should be kept disabled.
The following Settings should be set to No:

Posting » Allow HTML in Announcements (announcementshtml)

Private Messaging » Allow HTML (pmsallowhtml)
Profile Options » Allow HTML in Signatures (sightml)



I am not clear where in the ADMIN I find these settings or what file I am supposed to be selecting NO.

Please advise.
Thx.

Running myBB 1.8.23
Reply
#2
^ should be available through Configuration section [settings]
have you tried using search box available at main page of Configuration ...
Reply
#3
You know what, I thought I was crazy. Swore I had seen a search function but since I wasn't on the config section, it was gone. Thanks for pointing that out. I found what I was looking for.

Cheers!!!
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)