The Helper said:I could allow HTML in a custom title to whoever I wanted to but I don't believe anyone besides an admin is authorized to do it.
The Helper said:I could allow HTML in a custom title to whoever I wanted to but I don't believe anyone besides an admin is authorized to do it.
AceHart said:> Let mods do it.
Over my dead body!
Seth said:I'll drink to that!
HTML is apparently very dangerous, according to TH and SD. They told me and ... Some of the first 10 SMs about one time someone posted HTML in a post and didn't end a few tags. The entire page kinda "exploded" or something, and I think I remember SD Ryoko telling us that they had to delete the post through the ACP.
But don't trust anything I say. I'm usually wrong anyway.
phyrex1an said:Security rule number 1: Never let anyone use html on your site.
It would take anyone with a bit of javascript experience just a couple of seconds to write a script that steals your password as soon as you enter it in the password box.
A broken or slowed down page is your least problem if you are stupid enough to allow it. And don't be fooled to believe that you can filter out the 'bad' html.
str_replace( '<script', '<blockedcontent', $string );
str_replace( 'javascript', 'blockedcontent', $string );
I'd recommend Chris for the custom tittle.
He is helpful and nice person