

    HTML Vulnerability

    • I'm a new member :)


        Reputation : 0
        Registered on : 2012-04-07
        Posts : 3
      Hey staff or admin, I suggest that HTML should be deactivated for security issues.

      The problem is that anyone can put a full HTML page in a thread, and it will work.

      If you guys are being ignorant watch this.


      https://www.fmcodes.com/t577-the-html-vulnerability#3231

      • Veteran staff member

          Reputation : 1
          Registered on : 2012-03-23
          Posts : 85
        Notice

        Hello, hola

        I will pass this up to the Administrators, for further discussions and notice.

        Also, for the future, please refrain from creating multiple identical topics.




        • Administrator

            Reputation : 315
            Registered on : 2012-02-22
            Posts : 2317
            School of codes courses: coming soon
          Hello,

          1st. Moved to suggestion forum
          2nd. Well, No one has already posted an html code... We will see



          Niko wants you in the team Guest

          Community manager and Administrator at Forumattivo.com

          • Veteran staff member

              Reputation : 19
              Registered on : 2012-04-05
              Posts : 77
            Really HTML is enabled? Oh dear.

            I believe script tags are stripped out of the posts, so there are no script issues.
            But here are some things that aren't stripped and would cause issues:
            Code:

            <div style="position:fixed;top:0px;left:0px;background:#000;width:100%;height:10000px;text-align:center;padding-top:100px">HTML issue, tut tut.</div>

            OR
            Code:
            <style>body { display: none }</style>

            Or I wonder if Iframes work?
            Oh my god they do... so that's the script issue brought back immediately. You should disable HTML... or I'll start demonstrating live, the potential issues.
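
The post above observes that stripping script tags still leaves inline styles, style blocks and iframes in place. As an added example (not the forum software's code and not posted by anyone in this thread), the Python below runs a script-only filter and an allowlist sanitizer over the two snippets quoted in the post plus a constructed iframe; the function names, the tag allowlist and the placeholder iframe URL are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# The two snippets quoted in the post, plus a constructed iframe (placeholder URL).
SAMPLES = [
    '<div style="position:fixed;top:0px;left:0px;background:#000;width:100%;'
    'height:10000px;text-align:center;padding-top:100px">HTML issue, tut tut.</div>',
    '<style>body { display: none }</style>',
    '<iframe src="https://example.invalid/frame"></iframe>',
]

def strip_scripts_only(html):
    """Blocklist filter of the kind the post describes: only <script> is removed."""
    return re.sub(r'(?is)<script\b.*?</script\s*>', '', html)

ALLOWED = {'b', 'i', 'u', 'em', 'strong', 'p', 'ul', 'ol', 'li', 'code', 'pre'}
DROP_WITH_CONTENT = {'script', 'style', 'iframe'}  # element body is discarded too

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            self.open.append(tag)
            self.out.append('<%s>' % tag)  # every attribute is dropped (style=, on*=)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open and not self.skip:
            while self.open:  # close inner tags first so output stays balanced
                self.out.append('</%s>' % self.open[-1])
                if self.open.pop() == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is re-escaped, never emitted raw

def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return ''.join(parser.out + ['</%s>' % t for t in reversed(parser.open)])
```

The script-only filter returns all three samples unchanged, while `sanitize` reduces the overlay to its plain text and drops the style block and the iframe entirely.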

            • Veteran staff member

                Reputation : 19
                Registered on : 2012-04-05
                Posts : 77
              I notice HTML is still enabled.
              This is a big issue that you need to sort. Luckily most browsers have security systems in place to prevent such things, but most still don't.

              • Co-Founder

                  Reputation : 38
                  Registered on : 2012-02-26
                  Posts : 284
                We'll try to disable it. But we have to change every single tutorial and Information topic.

                • Administrator

                    Reputation : 315
                    Registered on : 2012-02-22
                    Posts : 2317
                    School of codes courses: coming soon
                  @Mathias wrote: We'll try to disable it. But we have to change every single tutorial and Information topic.
                  As Mathias said... Our topics work on HTML: if we disable it, we are a terrible forum ;(



                  Niko wants you in the team Guest

                  Community manager and Administrator at Forumattivo.com

                  • Veteran staff member

                      Reputation : 19
                      Registered on : 2012-04-05
                      Posts : 77
                    What a bad idea.

                    You'll see your last post in this topic is hidden. It's hidden with CSS within this post. One major flaw. That's just an example.

                    • Veteran staff member

                        Reputation : 7
                        Registered on : 2012-06-26
                        Posts : 108
                      Very bad idea. I think users using some intermediate scripts will risk our view with some great and powerful scripts.

                      • Veteran staff member

                          Reputation : 7
                          Registered on : 2012-06-26
                          Posts : 108
                        About that, I think I have a suggestion for this forum here.
                        It's teamwork! We need teamwork!
                        First, I think all staff members need to generate all the HTML to BBCode, and the members,
                        so then i-lgforum-chris-dans and other staff members repost the original BBCode.
                        Third,
                        all requests from members and topic edits are on some PM, so Luky's PM shouldn't be inactive.
                        Fourth, change all the codes of this forum perfectly with BBCode,
                        and then all users must not use HTML and only staff are able to use it, okay?
                        Great idea?

                        • ***


                            Reputation : 0
                            Registered on : 2012-04-29
                            Posts : 30

                          • Veteran staff member

                              Reputation : 7
                              Registered on : 2012-06-26
                              Posts : 108
                            @Ryan wrote:
                            ow don't post an iframe dude

                            • I'm a new member :)


                                Reputation : 1
                                Registered on : 2014-01-31
                                Posts : 1
                                LG
                              This could be a real problem! :/
                              Don't allow HTML, it can be a problem!

