Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt November 11, 2024
Breaking Legs Posted February 19, 2010 Posted February 19, 2010 I want to allow html in signatures and in posts to a custom group (donators) When i use admin search for HTML in sigs etc, it gives me this optionAllow HTML in "About Me"? This is NOT recommended unless you trust all your members who can edit their profiles. In Group: User Profiles YesNo Allow HTML in signatures? This is NOT recommended unless you trust all your members who can add a signature. In Group: User Profiles How can I set this that it only allows it in my DONATORS group? and no other?
Wolfie Posted February 19, 2010 Posted February 19, 2010 How can I set this that it only allows it in my DONATORS group? and no other? That would require a skin edit. Go ask in the skinning area.
Breaking Legs Posted February 19, 2010 Author Posted February 19, 2010 So there is no way you can allow just 1 group to allow to post html unless you get a skin edit? Is this correct. If so thanks for answering.
Wolfie Posted February 19, 2010 Posted February 19, 2010 Since it's a global option, it can't be done without skin edits or unless someone makes a hook for you to allow it. Probably just easier to do it as a skin edit instead of someone creating a hook to handle it.
Mat Barrie Posted February 19, 2010 Posted February 19, 2010 You can allow a member to POST HTML (not for sigs) from Members > Member Groups > Manage User Groups > Global > Can post HTML?
bfarber Posted February 19, 2010 Posted February 19, 2010 To clarify... You can control who can use HTML for posts per-group. HTML for signatures is a global option, however.
Invision_ITA Posted February 22, 2010 Posted February 22, 2010 what is the danger to leave active the html for normal user?
bfarber Posted February 22, 2010 Posted February 22, 2010 They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.).
Breaking Legs Posted March 3, 2010 Author Posted March 3, 2010 They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.). Is that if the had rights to post html in both sigs and posts the would be able to do this? Or just posts.
alakazam Posted February 28, 2014 Posted February 28, 2014 They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.). What? Why? What are the chances of that happening? :unsure:
Mark H Posted February 28, 2014 Posted February 28, 2014 This topic is 4 years old, FYI. But the answer is still relevant. The chances depend on who you allow to post HTML. If it's a highly trusted group of people you personally know, likely very little chance. If you let all members post HTML, that's really asking for trouble. We recommend not allowing it at all or, at least, tightly restricting it.
alakazam Posted February 28, 2014 Posted February 28, 2014 But I like to allow HTML. That's how users can embed videos for various sites that are not supported by IPB media thingy (like Dailymotion, Veoh, Rumble etc.). Why does allowing HTML give the users moderation powers? That doesn't make sense... :huh:
simplymesobe5280 Posted February 28, 2014 Posted February 28, 2014 alakazam they dun get moderator power by allowing html. But they will be able then to use any html code - also unwanted code that gives themself deep permissions on your site. And these permissions can be moderator - or admin like. It´s a bad security risc.
bfarber Posted February 28, 2014 Posted February 28, 2014 Allowing users to post arbitrary HTML greatly opens your site up to security holes. We strongly recommend against it. If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.).
alakazam Posted February 28, 2014 Posted February 28, 2014 If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.). Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm:
bfarber Posted March 3, 2014 Posted March 3, 2014 I would recommend posting in the peer help forum outlining which sites you want to support. :) It's hard to give a tutorial because each site may be a little different (some may not even be supportable in theory).
brunoAstonPassion Posted June 1, 2014 Posted June 1, 2014 hello, .. just like the built in default ones (daily motion, youtube, etc.). it works well for youtube, but this doesn't work for daily motion
flashpoint Posted June 2, 2014 Posted June 2, 2014 Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm: I don't have an IPS board installed currently but if you can send me a picture of the media codes ACP section I would be able to tell you how to do it. Make sure to include all of the fields on the form.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.