BBC HTML tag

[filipes]

Hello
It is javascript......
thks

[Arantor]

Yes, that's nice and secure. You can do so many things with JavaScript, like stealing the logged in user session details and hijacking accounts.

So, again, what do you actually want users to be able to post and why?

[filipes]

Something like this..

Code Select Expand

[center][html]<script src="//www.gmodules.com/ig/ifr?url=http://hosting.gmodules.com/ig/gadgets/file/114026893455619160549/embedkmlgadget.xml&amp;up_kml_url=http%3A%2F%2Fdl.dropbox.com%2Fu%2F78748857%2FKML%2FPontos_negros.kml&amp;up_view_mode=earth&amp;up_earth_2d_fallback=0&amp;up_earth_fly_from_space=1&amp;up_earth_show_buildings=0&amp;up_maps_zoom_out=0&amp;synd=open&amp;w=600&amp;h=400&amp;title=&amp;border=%23ffffff%7C0px%2C1px+solid+%23004488%7C0px%2C1px+solid+%23005599%7C0px%2C1px+solid+%230077BB%7C0px%2C1px+solid+%230088CC&amp;output=js"></script>[/html][/center]

[Arantor]

What's that supposed to do, exactly?

[filipes]

It is a google map with positions of radar in Portugal.....

[Arantor]

I know the Aeva mod used to be able to safely insert Google maps just by posting the URL but I also know that Google changed its API to avoid free map inclusion after so many hits.

The thing is: if you allow that JS to be posted by regular members, you allow ANY scripting to be posted, which is incredibly unsafe for a forum.

[filipes]

I want to do that possible for two members only not to everybody...

[Arantor]

The simplest way is to make them admins. By giving them raw HTML posting access, you might as well make them admins since they can make themselves admins in theory should you grant them raw access to the HTML bbc.

[filipes]

How can I do this The simplest way is to make them admins. By giving them raw HTML posting access

[Arantor]

If they have raw posting access, they can take over your account and do whatever they want on the forum. That's the risk of giving them raw posting access.

If you make them admins, they have the same power but it's done in a manner that you can remove again, assuming they don't demote you.

[filipes]

Not like that, I think that is not a good thing like that, any other way?

[Arantor]

That's the point, I don't think there is any other way!

You could just let them post it and edit their post after to put the HTML bbc around it - it will let you do so because you're an admin.

[filipes]

Look at this it is in Portuguese, why does this not working....

[Arantor]

-sigh- Because for YOUR PROTECTION it is removed from the post when a non-administrator saves the post.

[filipes]

Ok, (Obrigado) thank you....hello from Portugal!