Results 1 to 4 of 4

Thread: Any Safe Way to Enable HTML on my vBulletin forum?

  1. #1
    Senior Member
    Join Date
    Oct 2001

    Any Safe Way to Enable HTML on my vBulletin forum?

    I am wondering about this. Also, where might I find more info on the reason HTML should be disabled in forums?

  2. #2

    To enable html without being scared of somebody "hacking" your forum, simple put these in the censor field in the admin control panel. This way if somebody tries to use these, it will replace them with **** and in return wont work.

    *crosses fingers that code tags show the code*
    <iframe </iframe <link </link <basefont </basefont <base </base <td </td <tr </tr <th </th <tfoot </tfoot <tbody </tbody <thead </thead <table </table <body </body <meta </meta <div </div <style </style <script </script <html </html <plaintext </plaintext <xmp </xmp <object <noframes <noembed <noscript <nojava onload onMouseover
    this should work, but if members whom really know what there doing can and most likely will find a way around the word censor.


  3. #3
    There isn't a safe way to enable HTML, IMO. With any room for HTML in data validation there's enough room to insert script. It's way too complicated to have smart filtering against scripts when HTML is enabled at all. I don't know of any practical way to do it. If you follow front2back's advice, you'll be pretty wide open to attack. Sorry!

    Look into OWASP filters, but that's not what you want, since you're doing the opposite. Oh well.

  4. #4
    I do not know about vBulletin specifically, but there is only one way to safely allow HTML or any other code.

    You have to treat every single post as if it were within code tags.
    <a href=link>link</a>
    You can see how this is an excercise in uselessness?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts