Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

html tag

thetryrthetryr New
edited May 2012 in Vanilla 2.0 - 2.8

can i know the list of html tags that allowed to post?
Or maybe the allowed tags if posible.

Answers

  • Options
    422422 Developer MVP

    Under comment textarea in your forum is a link. Says simple html etc click it.

    There was an error rendering this rich post.

  • Options

    the Markdown link? I cant found that. Can u please paste the link u meant

  • Options

    btw some of those are explicitly disallowed *-applet-form-input-textarea-iframe-script-style

    grep is your friend.

  • Options

    thanks so much. It helped me.

  • Options

    for security reason i prefer to strip_tags and just allow the the ordinary bold,italic, etc

  • Options

    Well then you could use BBCode formatter. Or you can create your ow white list for htmlLawed.

    I understand why you would think like that but honestly the situation is not as bad as you think.

    Honestly though the security concern is stuff using styling to misdirect. One solution I've used is to ban style attribute, and then have a white list of approved classes.

    forms-inputs,etc are explicitly banned, so it is not like you could create a fake logon form. You probably want to stop positioning techniques like negative margin.

    there is no srcipting allowed.

    grep is your friend.

  • Options

    htmlawed seem to be better.

    I'll learn more about htmlawed. Many thanks again

  • Options

    You can do what you want with htmLawed, read their docs for info.

    If tags are malformed, it spits out reasonable, parsable markup.

    Anyway it quite nice to at least give you user the option of doing other things like tables, lists, etc. Not every know, but it allows people to

    O do understand those that don't want random colours, but HtmLawed can make it easier to be spefic about stuff like that.

    Although it could be easier to just to style the comment class with baground-color, border-color, outline-color,background-image set with !important, and that will overrule poor taste.

    There is a certain amount to be said for just firefighting when somebody has made a total mess. Because you are goign to get some nice original content too.

    grep is your friend.

  • Options

    If you go the approved classes route, you need to adapt any wysiwyg editor to use the classes rather then style attributes.

    grep is your friend.

Sign In or Register to comment.