Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt November 11, 2024
Ditchmonkey Posted June 7, 2010 Posted June 7, 2010 So to allow posting HTML in a thread there are 3 things that must happen (and one too many): 1. Allow HTML for the desired user group (makes sense) 2. Allow HTML in the settings for each forum (makes sense) Ok so now I've turned on HTML for my admin users, and I have allowed it in the particular forums where I want to post it but we aren't done yet we must still...... Choose "Enable HTML" in each individual post where we want the HTML be parsed. Now why would I go through all the trouble of setting up the user group permissions and the forum permissions just to have to have yet another verification in every thread that we post with HTML? I'm not understanding the rationale for step #3 and was hoping someone could enlighten me.
Robulosity2 Posted June 7, 2010 Posted June 7, 2010 I'm fairly confident that box is there to tell the site to prevent all content from being wrapped in HTML via the RTE
bfarber Posted June 7, 2010 Posted June 7, 2010 Because HTML posts have to be parsed different than a standard post, and you may not want the post you are making to parse HTML. Thus, you have to enable it for that post if you want to parse HTML.
Painted Horse Posted June 7, 2010 Posted June 7, 2010 On a tangent to this, one thing I noticed is that if I, as an admin, post something with HTML code in it (like a paypal or google checkout button), then someone else, who doesn't have HTML posting ability, replies to my post, then the quote is jumbled & messy with all the html code. It would be nice if either it kept intact the HTML from the original post (without allowing them to edit that in the quote) or if it stripped it out from the quote if they don't have permission to post HTML. This way it doesn't turn into an unreadable mess of code when/if they reply.
Ditchmonkey Posted June 7, 2010 Author Posted June 7, 2010 Because HTML posts have to be parsed different than a standard post, and you may not want the post you are making to parse HTML. Thus, you have to enable it for that post if you want to parse HTML. I know you will find this hard to believe...... but that explanation actually makes sense to me :D
bfarber Posted June 8, 2010 Posted June 8, 2010 I know what you are referring to, but it's rather tricky. We can't really just parse HTML in the quote, because it's too easy for the user to modify something and inject their own bad HTML. Security comes first. If we stripped it out, that would basically just mean no regular users could quote HTML-formatted posts. Again, mostly undesirable for many. It's a toughie.
altenerg Posted July 14, 2010 Posted July 14, 2010 I agree with the current setup. Esp given the security risks that can result if enabled unknowingly.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.