News:

Wondering if this will always be free?  See why free is better.

Main Menu

BBC HTML tag

Started by KillsBR, July 27, 2011, 12:37:40 PM

Previous topic - Next topic

filipes

Hello
It is javascript......
thks

Arantor

Yes, that's nice and secure. You can do so many things with JavaScript, like stealing the logged in user session details and hijacking accounts.

So, again, what do you actually want users to be able to post and why?
Holder of controversial views, all of which my own.


filipes

Something like this..
[center][html]<script src="//www.gmodules.com/ig/ifr?url=http://hosting.gmodules.com/ig/gadgets/file/114026893455619160549/embedkmlgadget.xml&amp;up_kml_url=http%3A%2F%2Fdl.dropbox.com%2Fu%2F78748857%2FKML%2FPontos_negros.kml&amp;up_view_mode=earth&amp;up_earth_2d_fallback=0&amp;up_earth_fly_from_space=1&amp;up_earth_show_buildings=0&amp;up_maps_zoom_out=0&amp;synd=open&amp;w=600&amp;h=400&amp;title=&amp;border=%23ffffff%7C0px%2C1px+solid+%23004488%7C0px%2C1px+solid+%23005599%7C0px%2C1px+solid+%230077BB%7C0px%2C1px+solid+%230088CC&amp;output=js"></script>[/html][/center]

Arantor

What's that supposed to do, exactly?
Holder of controversial views, all of which my own.


filipes

It is a google map with positions of radar in Portugal.....

Arantor

I know the Aeva mod used to be able to safely insert Google maps just by posting the URL but I also know that Google changed its API to avoid free map inclusion after so many hits.

The thing is: if you allow that JS to be posted by regular members, you allow ANY scripting to be posted, which is incredibly unsafe for a forum.
Holder of controversial views, all of which my own.


filipes

I want to do that possible for two members only not to everybody...

Arantor

The simplest way is to make them admins. By giving them raw HTML posting access, you might as well make them admins since they can make themselves admins in theory should you grant them raw access to the HTML bbc.
Holder of controversial views, all of which my own.


filipes

How can I do this The simplest way is to make them admins. By giving them raw HTML posting access

Arantor

If they have raw posting access, they can take over your account and do whatever they want on the forum. That's the risk of giving them raw posting access.

If you make them admins, they have the same power but it's done in a manner that you can remove again, assuming they don't demote you.
Holder of controversial views, all of which my own.


filipes

Not like that, I think that is not a good thing like that, any other way?

Arantor

That's the point, I don't think there is any other way!

You could just let them post it and edit their post after to put the HTML bbc around it - it will let you do so because you're an admin.
Holder of controversial views, all of which my own.


filipes

Look at this it is in Portuguese, why does this not working....

Arantor

-sigh- Because for YOUR PROTECTION it is removed from the post when a non-administrator saves the post.
Holder of controversial views, all of which my own.


filipes

Ok, (Obrigado) thank you....hello from Portugal!

Advertisement: