Implementing a Custom HTML/JavaScript Button for Each User

[Paleus]

I am looking at providing an option in the user profile for an HTML button. Essentially the button would communicate with an external API using JavaScript and the code for said button would be provided by this service and the user could simply paste in the markup for the button in their profile.

However, what I am currently seeing is that HTML is by default not allowed in signatures and I am not sure how to create a custom button for the user profile (alongside the option to PM, view profile, online status, etc.).

How could I build in a custom field where users could paste in HTML/JavaScript code for a button?

Also, would having such an API button create a security vulnerability for the forum and therefore server?

[karlbenson]

Generally you would want to use a regex to parse the bit you want out of it and sanitize it.

For example youtube has html to embed the video.  But it would be too dangerous to allow users ability to include iframes or javascript, so many mods parse the bit they want

The best place to start would be to look at some of the mods which add that functionality.