Allowing (some) HTML in posts

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=27697
Printed Date: 02 April 2026 at 12:49pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Allowing (some) HTML in posts
Posted By: TonyG
Subject: Allowing (some) HTML in posts
Date Posted: 17 August 2009 at 12:33pm
I need to allow some HTML in my forum.
Nothing really dangerous; some tables, fonts, img and little more.

I have enabled blnHTMLView in RTE_setup

This is my test post



It seems OK,

BUT when posted it looks like this



And coming back to edit I find



Background color has gone... and a pair of <t> have appeared.

Any ideas about this?
Thanks in advance






Replies:
Posted By: WebWiz-Bruce
Date Posted: 17 August 2009 at 1:09pm
The forum is built as a way to discuss with other people and not as a design tool.

This means that HTML content that is not going to aid discussions and unsafe HTML is stripped from posts by the security filters.

You can edit the file functions/unsafe_HTML_tags_inc.asp to change what is stripped from posts, however you should be very careful, as you would be very surprised what can be used to launch XSS hacks against forums, including quite a lot of CSS that you would use for styling.


-------------
Web Wiz Forums Hosting - https://www.webwiz.net/web-wiz-forums/forum-hosting.htm
ASP.NET Web Hosting - https://www.webwiz.net/web-hosting/windows-web-hosting.htm


Posted By: TonyG
Date Posted: 17 August 2009 at 2:14pm
I know you're right, and I don't like the idea very much, but many users of the old forum love using tables inside tables with backgrounds over backgrounds (all they saw in MSN groups).
I am planning to build a new forum and WWF seems a good choice, but if I cannot give them tables and tables (and very few other things, I promise) I would need another software.

I've changed saryUnSafeHTMLtags(108) = "bgColor" in unsafe_HTML_tags_inc and the background now works.
I hope that won't open a security hole Nuke

I'll take a look at "XSS Hacks"

Thanks for your advice


-------------
To err is human, but to really foul things up requires a computer


Posted By: 123Simples
Date Posted: 17 August 2009 at 5:54pm
Hi TonyG

Welcome to Web Wiz
As Bruce says, forums are by nature a discussion tool and hence what you maybe want - I'm not sure any other forum software worth its salt will allow you to do this. Yes, I expect you can edit out unsafe tags left, right and centre, but then you also risk having your forum (perhaps your site, even your server) compromised, so I would suggest caution rather than whether or not a table has a pretty colour to it

However, I've seen something similar done on other forums where tables and such are used



Wink Personally I'd settle for security first, tables second


Posted By: TonyG
Date Posted: 18 August 2009 at 2:54pm
Unfortunately, MrTWS, most of the posts in the forum that is currently running are something like this:



And this is what they want in the new forum.
Security? Who cares!
It's only me who has to deal with that.

Most of this "artistics" is done with table, border and background, cellspacing and cellpadding.
I don't think these tags are especially dangerous, but I might be wrong.
I'm planning to enable as few tags as possible in order to keep risk at an acceptable level.

The "old" forum has been running since 2005 with few problems using tables inside tables inside tables with classes that don't exist, div's, p's, font's...
Maybe we have been lucky all this time.

Ah! I almost forget. Another thing they love is playing music. Bgsound is their favourite (I hate it).

It's not my choice, it's only my work.

I understand you both. I hope you understand me.





-------------
To err is human, but to really foul things up requires a computer


Posted By: WebWiz-Bruce
Date Posted: 18 August 2009 at 4:22pm
If you are not concerned about security then you can remove as much as you like from the unsafe HTML file which should allow everything you want.

However you should certainly leave in things like Script, JavaScript, VbScript, and IFrame as these are the most common things XSS hackers will use.


-------------
Web Wiz Forums Hosting - https://www.webwiz.net/web-wiz-forums/forum-hosting.htm
ASP.NET Web Hosting - https://www.webwiz.net/web-hosting/windows-web-hosting.htm
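
An added example, not part of the thread and not Web Wiz Forums code: the opposite of trimming a strip-list is an allowlist that keeps only the layout tags and attributes discussed above and drops everything else, including event handlers, `style`, and URL-valued attributes that do not point at http(s). It is written in Python for illustration; the policy table, the `sanitize` name and the sample post are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy: only the layout tags/attributes mentioned in the thread.
ALLOWED = {
    "table": {"border", "cellspacing", "cellpadding", "bgcolor", "background"},
    "td": {"bgcolor", "background", "colspan", "rowspan"},
    "font": {"color", "size", "face"},
    "tr": {"bgcolor"}, "p": set(), "b": set(), "i": set(),
}
URL_ATTRS = {"background"}                      # value is fetched as a URL
DROP_WITH_CONTENT = {"script", "style", "iframe"}
# Constructed sample post, not taken from the forum.
SAMPLE = ('<table border="1" bgcolor="#ffcc00" onmouseover="x()" style="color:red">'
          '<tr><td background="javascript:void(0)">Hi <b>all</b>'
          '<script>alert(1)</script></td></tr></table><bgsound src="a.mid">')

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1                      # also discard the element body
        if self.skip or tag not in ALLOWED:
            return
        kept = ""
        for name, value in attrs:               # values arrive entity-decoded
            value = (value or "").strip()
            ok_url = value.lower().startswith(("http://", "https://"))
            if name in ALLOWED[tag] and (name not in URL_ATTRS or ok_url):
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))       # text is always re-escaped

def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

The filter does not rebalance unclosed or stray closing tags, so a post can still distort the surrounding page layout even though no script-bearing markup survives.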


Posted By: TonyG
Date Posted: 18 August 2009 at 9:00pm
Thanks to both of you for your advice.
I'll be as careful as possible. I promise Wink


-------------
To err is human, but to really foul things up requires a computer


Posted By: 123Simples
Date Posted: 19 August 2009 at 6:36pm
Good luck Tony

-------------
Visit 123 Simples Web Design - http://www.123simples.com/


