Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
nb1
Regular
Regular


Joined: Mar 03, 2005
Posts: 94
Location: OZ

PostPosted: Tue Sep 19, 2006 5:43 pm Reply with quote

Are these safe tags for a
Forum and what is the security risk of the enabling HTML in Forum

Code:
div,EM,EMBED,FORM,H1,h2,h3,h4,h5,h6,head,hr,HTML,IMG,INPUT,LI,LINK,MENU,META,OL,OPTION,OBJECT,ID,OBJECTID,P,param,style,script,SMALL,STRONG,src,youtube

_________________
Member Of The Windows Vista help and Support Community 
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Tue Sep 19, 2006 6:11 pm Reply with quote

Ummm...that would take a small book to answer.

In short, no, some of them are not safe for forum posts. EMBED, OBJECT, OBJECTID and SCRIPT are definitely out since they would be used to post malicious stuff. Even img / src and youtube (when did this become valid HTML?) need to be handled carefully.

Why would you want form, head, html, menu, meta, option, param in a forum post?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
nb1
PostPosted: Tue Sep 19, 2006 7:01 pm Reply with quote

Actually this is a site that I help with and I have suggested that these tags were unsafe if you can give me somewhere to look up more information it would be appreciated
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Sep 19, 2006 7:10 pm Reply with quote

There have been many issues with the HTML filtering in phpBB. Someone is always trying to bypass it. Disable HTML completely, it is much better to just use BBCode

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
stormer
New Member
New Member


Joined: Sep 14, 2006
Posts: 3

PostPosted: Tue Sep 19, 2006 8:25 pm Reply with quote

If I may ask ,, If embed is the only html that is allowed , then what would be the difference in using <embed> (HTML) for a youtube video or using [youtube] BBCode? And like i said embed is all thats allowed ,,
Thanks
 
View user's profile Send private message
evaders99
PostPosted: Tue Sep 19, 2006 10:11 pm Reply with quote

Well does this [youtube] BBCode have proper protection? Does it allow only YouTube links... or is it just a hack for using embed. Embed is quite dangerous, as it allows any of kind of ActiveX control or plugins to be used
 
stormer
PostPosted: Tue Sep 19, 2006 10:32 pm Reply with quote

Ok the thing here I enjoy making little flash images and posting them in my forums for everyone,, and a few members do also ,, but at the same time I do want everything secure also. Is there not away to allow some members to be able to post flash while not allowing others , Like friends that are known and just someone that came in and registered they would have to post some and let everyone get to know them first,, Is there someone that could wright a script like this?
 
evaders99
PostPosted: Wed Sep 20, 2006 7:36 am Reply with quote

I'm sure there should be some way to do it, might want to ask the guys at phpBB.com
Don't mention you use phpNuke though or they won't respond
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©