Why it's not good to allow HTML in posts

John Kennett · 16 March 2004, 23:46

The question of using HTML in posts has been raised with me by PM, and has also been mentioned on BoatMad

. It's possible that other people may also be interested so here are my thoughts . . .

The short answer is that it is a security risk, with a whole range of exploits from the trivial to the malicious. Some more details can be found here

Most things that might require HTML can be achieved using vB code so there's not much to be gained anyway!

John

PS Hi Matt

Matt · 17 March 2004, 00:29

Hey, I always prefer to code in HTML and try to richen my posts up a bit. But it's not a big deal.

Richard B · 17 March 2004, 07:51

Interesting what happened to the GPS thread on Boatmad...

Jonny Fuller · 17 March 2004, 08:48

Yes Very! You're a bad boy JK.

(and you'll be punished in due course!)

John Kennett · 17 March 2004, 10:00

I was just gently making the point that there are good reasons not to allow HTML in posts.

For those that missed it, I hijacked Matt's GPS thread... on BoatMad and redirected it here

This was just a silly little trick, but other more serious exploits are well documented.

John