Breaking Legs Posted February 19, 2010 Share Posted February 19, 2010 I want to allow html in signatures and in posts to a custom group (donators) When i use admin search for HTML in sigs etc, it gives me this optionAllow HTML in "About Me"? This is NOT recommended unless you trust all your members who can edit their profiles. In Group: User Profiles YesNo Allow HTML in signatures? This is NOT recommended unless you trust all your members who can add a signature. In Group: User Profiles How can I set this that it only allows it in my DONATORS group? and no other? Link to comment Share on other sites More sharing options...
SandraS Posted February 19, 2010 Share Posted February 19, 2010 oops, wrong tab :blush: Link to comment Share on other sites More sharing options...
Wolfie Posted February 19, 2010 Share Posted February 19, 2010 How can I set this that it only allows it in my DONATORS group? and no other? That would require a skin edit. Go ask in the skinning area. Link to comment Share on other sites More sharing options...
Breaking Legs Posted February 19, 2010 Author Share Posted February 19, 2010 So there is no way you can allow just 1 group to allow to post html unless you get a skin edit? Is this correct. If so thanks for answering. Link to comment Share on other sites More sharing options...
Wolfie Posted February 19, 2010 Share Posted February 19, 2010 Since it's a global option, it can't be done without skin edits or unless someone makes a hook for you to allow it. Probably just easier to do it as a skin edit instead of someone creating a hook to handle it. Link to comment Share on other sites More sharing options...
Mat Barrie Posted February 19, 2010 Share Posted February 19, 2010 You can allow a member to POST HTML (not for sigs) from Members > Member Groups > Manage User Groups > Global > Can post HTML? Link to comment Share on other sites More sharing options...
bfarber Posted February 19, 2010 Share Posted February 19, 2010 To clarify... You can control who can use HTML for posts per-group. HTML for signatures is a global option, however. Link to comment Share on other sites More sharing options...
Invision_ITA Posted February 22, 2010 Share Posted February 22, 2010 what is the danger to leave active the html for normal user? Link to comment Share on other sites More sharing options...
bfarber Posted February 22, 2010 Share Posted February 22, 2010 They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.). Link to comment Share on other sites More sharing options...
Breaking Legs Posted March 3, 2010 Author Share Posted March 3, 2010 They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.). Is that if the had rights to post html in both sigs and posts the would be able to do this? Or just posts. Link to comment Share on other sites More sharing options...
Michael Posted March 3, 2010 Share Posted March 3, 2010 Either one. Link to comment Share on other sites More sharing options...
Breaking Legs Posted March 3, 2010 Author Share Posted March 3, 2010 Might turn it off so, thanks! Link to comment Share on other sites More sharing options...
alakazam Posted February 28, 2014 Share Posted February 28, 2014 They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.). What? Why? What are the chances of that happening? :unsure: Link to comment Share on other sites More sharing options...
Mark H Posted February 28, 2014 Share Posted February 28, 2014 This topic is 4 years old, FYI. But the answer is still relevant. The chances depend on who you allow to post HTML. If it's a highly trusted group of people you personally know, likely very little chance. If you let all members post HTML, that's really asking for trouble. We recommend not allowing it at all or, at least, tightly restricting it. Link to comment Share on other sites More sharing options...
alakazam Posted February 28, 2014 Share Posted February 28, 2014 But I like to allow HTML. That's how users can embed videos for various sites that are not supported by IPB media thingy (like Dailymotion, Veoh, Rumble etc.). Why does allowing HTML give the users moderation powers? That doesn't make sense... :huh: Link to comment Share on other sites More sharing options...
simplymesobe5280 Posted February 28, 2014 Share Posted February 28, 2014 alakazam they dun get moderator power by allowing html. But they will be able then to use any html code - also unwanted code that gives themself deep permissions on your site. And these permissions can be moderator - or admin like. It´s a bad security risc. Link to comment Share on other sites More sharing options...
bfarber Posted February 28, 2014 Share Posted February 28, 2014 Allowing users to post arbitrary HTML greatly opens your site up to security holes. We strongly recommend against it. If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.). Link to comment Share on other sites More sharing options...
alakazam Posted February 28, 2014 Share Posted February 28, 2014 If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.). Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm: Link to comment Share on other sites More sharing options...
bfarber Posted March 3, 2014 Share Posted March 3, 2014 I would recommend posting in the peer help forum outlining which sites you want to support. :) It's hard to give a tutorial because each site may be a little different (some may not even be supportable in theory). Link to comment Share on other sites More sharing options...
brunoAstonPassion Posted June 1, 2014 Share Posted June 1, 2014 hello, .. just like the built in default ones (daily motion, youtube, etc.). it works well for youtube, but this doesn't work for daily motion Link to comment Share on other sites More sharing options...
flashpoint Posted June 2, 2014 Share Posted June 2, 2014 Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm: I don't have an IPS board installed currently but if you can send me a picture of the media codes ACP section I would be able to tell you how to do it. Make sure to include all of the fields on the form. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.