Jump to content
Holiday Closures ×

Community

Sign in to follow this  
Breaking Legs

Allow HTML

Recommended Posts

I want to allow html in signatures and in posts to a custom group (donators)

When i use admin search for HTML in sigs etc, it gives me this option



Allow HTML in "About Me"?


This is NOT recommended unless you trust all your members who can edit their profiles.


In Group: User Profiles


YesNo


Allow HTML in signatures?


This is NOT recommended unless you trust all your members who can add a signature.


In Group: User Profiles



How can I set this that it only allows it in my DONATORS group? and no other?

Share this post


Link to post
Share on other sites

Since it's a global option, it can't be done without skin edits or unless someone makes a hook for you to allow it. Probably just easier to do it as a skin edit instead of someone creating a hook to handle it.

Share this post


Link to post
Share on other sites

You can allow a member to POST HTML (not for sigs) from Members > Member Groups > Manage User Groups > Global > Can post HTML?

Share this post


Link to post
Share on other sites

They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.).

Share this post


Link to post
Share on other sites

They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.).




Is that if the had rights to post html in both sigs and posts the would be able to do this?

Or just posts.

Share this post


Link to post
Share on other sites

They would be able to embed HTML into your site, opening XSS security holes, and potentially allowing them access to areas they should not have (i.e. moderator tools, the ACP, etc.).

What? Why? What are the chances of that happening? :unsure:

Share this post


Link to post
Share on other sites

This topic is 4 years old, FYI.

But the answer is still relevant.

The chances depend on who you allow to post HTML.

If it's a highly trusted group of people you personally know, likely very little chance.

If you let all members post HTML, that's really asking for trouble. We recommend not allowing it at all or, at least, tightly restricting it.

Share this post


Link to post
Share on other sites

But I like to allow HTML. That's how users can embed videos for various sites that are not supported by IPB media thingy (like Dailymotion, Veoh, Rumble etc.). Why does allowing HTML give the users moderation powers? That doesn't make sense... :huh:

Share this post


Link to post
Share on other sites

alakazam they dun get moderator power by allowing html. But they will be able then to use any html code - also unwanted code that gives themself deep permissions on your site. And these permissions can be moderator - or admin like.

It´s a bad security risc.

Share this post


Link to post
Share on other sites

Allowing users to post arbitrary HTML greatly opens your site up to security holes. We strongly recommend against it.

If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.).

Share this post


Link to post
Share on other sites

If your concern is video sharing sites you can create custom "media" codes in the ACP so that other services are supported by the software, just like the built in default ones (daily motion, youtube, etc.).

Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm:

Share this post


Link to post
Share on other sites

I would recommend posting in the peer help forum outlining which sites you want to support. :) It's hard to give a tutorial because each site may be a little different (some may not even be supportable in theory).

Share this post


Link to post
Share on other sites

Are there any tutorials on how to do that? Other than the default YouTube and Vimeo ones, the only free hook I could find was for Metacafe, but Metaface is pretty much a dead website (it doesn't even allow free users to upload videos anymore). There are so many video and audio sharing sites out there for which IPB doesn't have custom media codes. :ermm:

I don't have an IPS board installed currently but if you can send me a picture of the media codes ACP section I would be able to tell you how to do it. Make sure to include all of the fields on the form.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy