Custom BBCodes: A Security Risk?

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Ideas Centre
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
Adam_PHP
Registered User
Posts: 23
Joined: Wed Apr 23, 2008 7:59 pm

Custom BBCodes: A Security Risk?

Post by Adam_PHP »

Hello,

To be blunt, I want to make a custom bbcode, but am unsure if it would present a security risk to my forum. I realize that html on phpBB3 in it's vanilla form is dangerous, but since this code is more specific, I would think it would be impossible for a hacker to take advantage of this specific tag.

The bbcode would probably be: [shout][/shout]

The html equivalent: <iframe title="NAMEHERE" src="http://www.shoutmix.com/?NAMEHERE" frameborder="0" width="150" height="400"></iframe>

Before you say that all functionality for html was stripped from phpBB3, I have tried this using BBcodes and it worked fine.

Thank you,
-Adam

Adam_PHP
Registered User
Posts: 23
Joined: Wed Apr 23, 2008 7:59 pm

Re: Custom BBCodes: A Security Risk?

Post by Adam_PHP »

I'm sorry, but I'm going to bump it. I am just about to go ahead and add this to my site and I would prefer not to open up a security hole.

Sorry and thank you,
-Adam

The_Descendant
Registered User
Posts: 233
Joined: Thu Sep 13, 2007 5:48 pm

Re: Custom BBCodes: A Security Risk?

Post by The_Descendant »

BBCode is safe and because its a specific tag it makes it even more safe, so its pretty safe to go ahead and do it.

Adam_PHP
Registered User
Posts: 23
Joined: Wed Apr 23, 2008 7:59 pm

Re: Custom BBCodes: A Security Risk?

Post by Adam_PHP »

Ok, thank you very much.

Locked

Return to “[3.0.x] Support Forum”