I want to allow html in signatures and in posts to a custom group (donators)

When i use admin search for HTML in sigs etc, it gives me this option

Allow HTML in "About Me"?

This is NOT recommended unless you trust all your members who can edit their profiles.

In Group: User Profiles

YesNo

Allow HTML in signatures?

This is NOT recommended unless you trust all your members who can add a signature.

In Group: User Profiles

How can I set this that it only allows it in my DONATORS group? and no other?

oops, wrong tab :blush:

How can I set this that it only allows it in my DONATORS group? and no other?

That would require a skin edit. Go ask in the skinning area.

So there is no way you can allow just 1 group to allow to post html unless you get a skin edit?

Is this correct.


If so thanks for answering.

Since it's a global option, it can't be done without skin edits or unless someone makes a hook for you to allow it. Probably just easier to do it as a skin edit instead of someone creating a hook to handle it.

You can allow a member to POST HTML (not for sigs) from Members > Member Groups > Manage User Groups > Global > Can post HTML?

To clarify...

You can control who can use HTML for posts per-group.

HTML for signatures is a global option, however.

what is the danger to leave active the html for normal user?

They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.).

They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.).

Is that if the had rights to post html in both sigs and posts the would be able to do this?

Or just posts.

Either one.

Might turn it off so, thanks!

They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.).

What? Why? What are the chances of that happening? :unsure:

This topic is 4 years old, FYI.

But the answer is still relevant.

The chances depend on who you allow to post HTML.

If it's a highly trusted group of people you personally know, likely very little chance.

If you let all members post HTML, that's really asking for trouble. We recommend not allowing it at all or, at least, tightly restricting it.

But I like to allow HTML. That's how users can embed videos for various sites that are not supported by IPB media thingy (like Dailymotion, Veoh, Rumble etc.). Why does allowing HTML give the users moderation powers? That doesn't make sense... :huh:

alakazam they dun get moderator power by allowing html. But they will be able then to use any html code - also unwanted code that gives themself deep permissions on your site. And these permissions can be moderator - or admin like.

It´s a bad security risc.

Allowing users to post arbitrary HTML greatly opens your site up to security holes. We strongly recommend against it.

If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.).

If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.).

Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm:

I would recommend posting in the peer help forum outlining which sites you want to support. :) It's hard to give a tutorial because each site may be a little different (some may not even be supportable in theory).

hello,

.. just like the built in default ones (daily motion, youtube, etc.).

it works well for youtube, but this doesn't work for daily motion

Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm:

I don't have an IPS board installed currently but if you can send me a picture of the media codes ACP section I would be able to tell you how to do it. Make sure to include all of the fields on the form.