I can see that allowing users to post html may be a risk. However, allowing admins to do it should be ok and should actually be included as an option.
After all, I can change the code in any of the files on my server? And I can't use a div in a post I make or include an amazon ad in an iframe? C'mon!! That smells of "Big Brother"-mentality! Really.
I run a dozen blogs using WordPress, and I use HTML in the posts every day. I really can't see it being more of a risk in phpBB than in WordPress?!?
what happens if you quote a post that contains mallicious code that will be parsed because you as administrator post it?relicanth wrote:Indeed mates... this is a big lack in phpbb.
I'm the admin ffs, you can't deny me to use html in posts! That's ridiculous...
With the greatest respect that smacks of "mother knows best". The demand for HTML is because the likes of Ning are beginning to make phpBB look quaint and outdated. I want to wordwrap pictures, or put them on the right of a post, or resize them. There will be something else tomorrow. Will the world really end if a few trusted posters can do this?Mick wrote:You won't find help here how to circumvent phpBB security measures whether you think it's right or wrong.
All of that is perfectly possible with a few custom bbcodes.Pimlico Flats wrote:I want to wordwrap pictures, or put them on the right of a post, or resize them.
Code: Select all
Hey, I've got a question about this camera I'm considering getting. Can you tell me what you think? <img/ src="http://images.example.com/newcamera.gif" /**/onerror="alert(1);">
The OP only made one post, and besides that was 5 years ago, hardly worth commenting on now.Grassman wrote:Anyway, sorry for the rant, I just saw the OP try to defend their stance on it.