  1. Exterminator

    Exterminator Super Moderator
    Staff Member

    Oct 23, 2012
    12,279
    46,649
    USA
    Windows 10
    Kaspersky
    #141 Exterminator, Jul 8, 2014
    Last edited: Jul 8, 2014
    Even I, being the prehistoric sales expert (term of endearment given to me by a member) that I am, know that by allowing this you are putting your site at risk. Why would anybody allow HTML posting to its general membership? Those that suggest this have obviously never administrated or been an owner of a site. Suggesting that other platforms make this simpler is not a viable suggestion either. Personally I feel Xenforo is just as or even more secure than others. I have had VBulletin hacked. We have not even been on Xenforo for a year.
    There is no need for this anyway, when you have a full complement of options available in the text editor that we have.
     
  2. Cowpipe

    Cowpipe New Member

    Jun 16, 2014
    688
    2,104
    Gaffer
    #142 Cowpipe, Jul 8, 2014
    Last edited: Jul 8, 2014
    Perhaps around 6 or 7 years ago now I was a member of a very popular question and answer site (like Yahoo Answers but more informal). Anyway, part way along they decided to introduce some forum functionality, private messaging, user profiles and of course, basic HTML formatting options. Clearly somebody hadn't read any tutorials on sanitizing in PHP...

    They only allowed three tags: <b>, <i> and <u>. One of my favourite pastimes was hijacking threads by placing malformed HTML into my posts, e.g. <b>Hello<b/>. This was parsed as being a valid tag due to the presence of the closing slash in the second tag, yet the integrity was not checked, and as such the entire page containing the malformed tag would appear in bold, italics or underlined, whatever I felt like. I called it stylisation terrorism :p

    Anyway, after about a week and a half of literally every thread being hijacked by me, they patched it and sent me a warning not to keep messing about with the HTML. Of course, that's like telling a hacker "If you log into my account again I'll just change the password, ok!"...

    A few weeks later, they added the ability to add in images using <img src=""></img>. Bad move. Feeling incredibly annoyed at being 'warned' for pressuring them to fix an obvious bug which could have led to XSS attacks, I went one step further.

    <img src=""<?php echo The security here stinks! Me and my password are outta here; ?>>

    Rather than thread hijack, I just put that code in my signature and left the site, head held high. And that, my friends, is why you should never allow HTML tags directly into your source code.
     
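A constructed Python illustration of the failure mode Cowpipe describes (this is added example code, not code from this thread or from the site in the story): a tag whitelist that keeps <b>, <i> and <u> but never checks that they are balanced, beside a sanitizer that passes only exact, properly nested tags, escapes everything else (so <b/>, <img ...> and <?php ...?> become inert text) and closes whatever is still open so formatting cannot leak past the post.

```python
import html
import re

# Only an exact, well-formed <b>, </b>, <i>, </i>, <u> or </u> counts as a tag.
# <b/>, <img ...> and <?php ... ?> deliberately do not match and are escaped.
TAG_RE = re.compile(r"<(/?)(b|i|u)>", re.IGNORECASE)


def naive_sanitize(post: str) -> str:
    """Stand-in for the original filter: drop any tag that is not b/i/u, but
    keep the rest untouched. <b>Hello<b/> survives with two unclosed <b>s,
    so the bold bleeds into the rest of the page."""
    return re.sub(r"<(?!/?(?:b|i|u)\b)[^>]*>", "", post, flags=re.IGNORECASE)


def safe_sanitize(post: str) -> str:
    """Treat the post as plain text plus a small set of formatting tokens.
    Text between tags is HTML-escaped; opening tags push onto a stack; a
    closing tag is emitted only if it matches the innermost open tag; any
    tag still open at the end of the post is closed here, not by the page."""
    out, stack, pos = [], [], 0
    for m in TAG_RE.finditer(post):
        out.append(html.escape(post[pos:m.start()]))
        closing, name = m.group(1) == "/", m.group(2).lower()
        if not closing:
            stack.append(name)
            out.append(f"<{name}>")
        elif stack and stack[-1] == name:
            stack.pop()
            out.append(f"</{name}>")
        else:
            # Stray or mis-nested closer: render it as literal text.
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(post[pos:]))
    while stack:
        out.append(f"</{stack.pop()}>")  # formatting cannot escape the post
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample posts mirroring the thread's examples.
    for sample in ['<b>Hello<b/> rest of page', '<img src=""<?php echo 1; ?>>']:
        print("naive:", naive_sanitize(sample))
        print("safe: ", safe_sanitize(sample))
```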
  3. Cats-4_Owners-2

    Cats-4_Owners-2 Level 37
    Trusted

    Dec 4, 2013
    2,657
    11,431
    Southern California (east of Los Angeles)
    Windows 10
    Kaspersky
    #143 Cats-4_Owners-2, Jul 8, 2014
    Last edited: Jul 8, 2014
    Cowpipe, it is a comforting relief we are all gladdened by to know that you are on our side!:p:D
     
  4. Cowpipe

    Cowpipe New Member

    Jun 16, 2014
    688
    2,104
    Gaffer
    And a fine pleasure it is, to have you as an ally Cats- ;) :p
     
    kram7750 likes this.
  5. Cats-4_Owners-2

    Cats-4_Owners-2 Level 37
    Trusted

    Dec 4, 2013
    2,657
    11,431
    Southern California (east of Los Angeles)
    Windows 10
    Kaspersky
    *smiling*:) Thank you! I much prefer being an '..ally (named) Cats-' than one of those Alley dwelling Cats!:p :D;)
     
    kram7750 and Cowpipe like this.
  6. NullPointerException

    Aug 25, 2014
    528
    624
    Computer scientist. Professional pessimist.
    Nirvana/serenity/paradise/tranquility/heap.
    I am not a hacker, so unfortunately I didn't get a word of what you said.
     
    kram7750 and Cowpipe like this.
  7. NullPointerException

    Aug 25, 2014
    528
    624
    Computer scientist. Professional pessimist.
    Nirvana/serenity/paradise/tranquility/heap.
    PHP's syntax is horrible, HTML is too basic, and MySQL is a brain-duck (yes, a brain-duck) for me. That's why I am the good guy.
     
    Cowpipe likes this.
  8. Cowpipe

    Cowpipe New Member

    Jun 16, 2014
    688
    2,104
    Gaffer
    #148 Cowpipe, Sep 10, 2014
    Last edited by a moderator: Dec 22, 2014
    Hahaha, I think that is my favourite reason ever for somebody not becoming a hacker :p :D

    And the second reason is the Elder Scrolls is my favorite video game series, in fact one of my most favorite fictional things ever. So..
    Good luck finding the Easter egg..

    Not sure what I would do. I would just be lost and sulking. :(

    I love the idea for a Bourbon, but just skip the water and my drink of choice is ready. :D:D
     
    frogboy, donetao and Cowpipe like this.