тнє ๖ۣۜSнυғғ׆ϵя ツ
  • I'm a new member :)


      Reputation : 0
      Registered on : 2012-04-07
      Posts : 3
    Hey staff or admin I suggest that the HTML Should be deactivated for Security issues.

    The problem is that anyone can put a full HTML page in a thread, and it will work.

    If you guys are being ignorant watch this.


    https://www.fmcodes.com/t577-the-html-vulnerability#3231

    Sir Chivas
    • Veteran staff member

        Reputation : 1
        Registered on : 2012-03-23
        Posts : 85
      Notice

      Hello, hola

      I will pass this up to the Administrators, for further discussions and notice.

      Also, for the future, please refrain creating multiple identical topics.




      Niko
      • Administrator

          Reputation : 319
          Registered on : 2012-02-22
          Posts : 2366
          School of codes courses: coming soon
        Hello,

        1st. Moved to suggestion forum
        2nd. Well, No one has already posted an html code... We will see



        Niko wants you in the team Guest

        Community manager and Administrator at Forumattivo.com

        LGforum
        • Veteran staff member

            Reputation : 19
            Registered on : 2012-04-05
            Posts : 77
          Really HTML is enabled? Oh dear.

          I believe script tags are stripped out of the posts, so there are no script issues.
          But here are some things that aren't stripped and would cause issues:
          Code:

          <div style="position:fixed;top:0px;left:0px;background:#000;width:100%;height:10000px;text-align:center;padding-top:100px">HTML issue, tut tut.</div>

          OR
          Code:
          <style>body { display: none }</style>

          Or I wonder if Iframes work?
          Oh my god they do... so thats the script issue brought back immediately. You should disable HTML... or I'll start demonstrating live, the potential issues. nonIo

          LGforum
          • Veteran staff member

              Reputation : 19
              Registered on : 2012-04-05
              Posts : 77
            I notice HTML is still enabled.
            This is a big issue that you need to sort. Luckily most browsers have security systems in place to prevent such things, but most still don't.

            Anonymous
            • Guest

                We'll try to disable it. But we have to change every single tutorial and Information topic. nonIo

                Niko
                • Administrator

                    Reputation : 319
                    Registered on : 2012-02-22
                    Posts : 2366
                    School of codes courses: coming soon
                  Mathias wrote:We'll try to disable it. But we have to change every single tutorial and Information topic. nonIo
                  As Mathias said... Our topics works on html: If we uneable it, we are a terrible forum ;(



                  Niko wants you in the team Guest

                  Community manager and Administrator at Forumattivo.com

                  LGforum
                  • Veteran staff member

                      Reputation : 19
                      Registered on : 2012-04-05
                      Posts : 77
                    nono What a bad idea.



                    You'll see your last post in this topic is hidden. Its hidden with css within this post. One major flaw. Thats just an example.

                    Nathan
                    • Veteran staff member

                        Reputation : 7
                        Registered on : 2012-06-26
                        Posts : 108
                      very bad idea i think users using some intermediate scripts will risk our view with some great and powerfull scripts

                      Nathan
                      • Veteran staff member

                          Reputation : 7
                          Registered on : 2012-06-26
                          Posts : 108
                        about that i think i have suggestion for this forum on here
                        It's a teamwork! We need a temwork!
                        first i think all staff members need to generate all the html to bb codes and the members
                        so then i-lgforum-chris-dans and other staff members reposting the original BBcode
                        third
                        All request from members and topics edit is on some PM so Luky pm shouldn't be inactive
                        Fourth change all the codes of this forum prefectly with bbcodes
                        and then all of users must doesn't use html and only staff are able to use it okay?
                        :birra: Great idea? yes read Cool yuppi yuppi Music excited yesyes togheter :<3: ??? redred leggiprima

                        Ryan
                        • ***


                            Reputation : 0
                            Registered on : 2012-04-29
                            Posts : 30

                          Nathan
                          • Veteran staff member

                              Reputation : 7
                              Registered on : 2012-06-26
                              Posts : 108
                            @Ryan wrote:
                            ow don't post an iframe dude

                            Hancki
                            • I'm a new member :)


                                Reputation : 1
                                Registered on : 2014-01-31
                                Posts : 1
                                LG
                              This could be a real problem! :/
                              Don't allow HTML, it can be a problem!