Dangerous BBcodes?

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
robbie787
Registered User
Posts: 16
Joined: Fri Sep 13, 2019 12:53 pm

Dangerous BBcodes?

Post by robbie787 »

I hear a lot with other forums of xss attacks via bbcode. Which codes are safest and which are dangerous to have? I have disabled url and flash... are there any others I need to be aware of that are vulnerable? :?

User avatar
JoshyPHP
Code Contributor
Posts: 1077
Joined: Mon Jul 11, 2011 12:28 am

Re: Dangerous BBcodes?

Post by JoshyPHP »

All of the default BBCodes are safe. Theoretically, it might be possible to do some weird things with Flash but I'd consider it safe as well. You can leave it disabled if you want since Flash is basically dead already.
I wrote the thing that does BBCodes in 3.2.

Post Reply

Return to “[3.2.x] Support Forum”