What can be the downsides of enabling html on a forum?

WHAT? · Jul 3, 2009

Users could mess with your page's code by posting closing tags. Also, they just post giant pictures or text and ruins the forum for everyone.

jimmy f · Jul 3, 2009

any help would be great guys.

John Stalvern · Jul 3, 2009

It can pose a significant security hole.

flybishop · Jul 3, 2009

Ah, you leave yourself wide open for people to start attacking your other users.

If you let me post html I could make a script that could steal session data from people's computers. That leaves them wide open to XSS attacks and CSRF attacks. If you're going to allow for HTML make sure that it's filtered and that it doesn't execute, so that if someone wanted to post what their code looks like then they can.

flybishop · Jul 3, 2009

Ah, you leave yourself wide open for people to start attacking your other users.

If you let me post html I could make a script that could steal session data from people's computers. That leaves them wide open to XSS attacks and CSRF attacks. If you're going to allow for HTML make sure that it's filtered and that it doesn't execute, so that if someone wanted to post what their code looks like then they can.

What can be the downsides of enabling html on a forum?

WHAT?

New member

jimmy f

New member

John Stalvern

New member

flybishop

New member

flybishop

New member