Discussion in 'SF Open Government' started by Blue_UK, Sep 3, 2007.
Should HTML be allowed?
Log in or Sign up to hide all adverts.
The problem with HTML is it allows X-Scripting attacks, it's the main reason for vBCode.
It was originally stopped after a people used Dynamic Images (ones with '?' variable strings) to get copies of Cookies etc.
It is possible to add any forms of HTML to vBCode however there is a single restraint, any HTML tag is restricted to a single variable element. Like for instance in a TABLE tag you could have Width and Height to name a few entries, the standard vBCode edition would only allow you to put Height or Width, in not both.
If you are after something that only needs one variable then it's possible to get it added if you mention what it is you are after.
Cool. Who's the man responsible for this?
<hr> is nice and pretty.
With only one attribute that kind of tell my <div> ideas to f right off.
Well it is possible to 'precode' attributes, however you'd have to state what it is you'd like to see.
For instance a good one to precode is a 'Spoiler' tag, something like:
And the bcode being set like:
I guess it would be possible to make long attributes for CSS Style entries, however the problem is that CSS can be used to generate certain workarounds in regards to filters and security. Heck, Even just mischief (it wouldn't take much to place a rude replacement image over someone's avatar etc)
Separate names with a comma.