BBC HTML tag

KillsBR · July 27, 2011, 12:37:40 PM

As Admin I'm able to use the html bbc tags when posting in my forum. The tags disappear when anybody else tries posting with them...

I want everyone to be able to use this tag...

In the admin section >> posts and topics >> bulletin board code, all bbc codes are checkmarked...

but the tag is not appearing

http://oi54.tinypic.com/iepls9.jpg [nofollow]

http://oi56.tinypic.com/5oulwn.jpg [nofollow]

I was using version 2.0 rc4 and everyone could use .... now upgraded to 2.0 final and now can not use?!

Illori · July 27, 2011, 12:46:10 PM

no one but admin can use the bbc tag html for security reasons, it is not that hard to embed something like js that can steal a users password or other information.

KillsBR · July 27, 2011, 12:56:59 PM

but I was using version 2.0 rc4 and everyone could use .... now upgraded to 2.0 final and now can not use?!

Illori · July 27, 2011, 12:58:39 PM

they can use basic html by default but not the html tag due to the reasons above, if they could then you must have had a mod.

KillsBR · July 27, 2011, 01:22:51 PM

in version 2.0 rc4, I do not use any mod .... on my forum, everyone MUST to be able to use the tag

Illori · July 27, 2011, 01:25:28 PM

you would need a mod to do that which puts your forum and users at great risk of being hacked.

KillsBR · July 27, 2011, 01:33:52 PM

and this mod exist? xD

i foung this: http://custom.simplemachines.org/mods/index.php?mod=411
but not for 2.0 =[

Illori · July 27, 2011, 01:36:28 PM

you want all html to be used by your users or just basic html? there should be a check box on that page to enable basic html.

KillsBR · July 27, 2011, 01:52:35 PM

but is already marked =/

Illori · July 27, 2011, 01:54:52 PM

try unchecking saving and checking it again.

KillsBR · July 27, 2011, 01:59:10 PM

continues in the same =x

Illori · July 27, 2011, 02:04:32 PM

do you have any mods installed?

KillsBR · July 27, 2011, 02:08:33 PM

1.    Spoiler BBCode    1.1.3
2.    AJAX Instant Quick Reply    1.0.4
3.    Highslide BBCode and Image Viewer
4.    YouTube BBCode    2.6
5.    AJAX Recent Topics    1.1

Illori · July 27, 2011, 02:12:59 PM

any of those could affect this, try uninstall them and seeing it if works then, also users can just use basic html without the html bbc code tag.

KillsBR · July 27, 2011, 02:26:41 PM

without the tag, it's still the same

i will try unistall this mods

KillsBR · July 27, 2011, 02:57:57 PM

uninstalled everything and did not work ...

Illori · July 27, 2011, 03:04:13 PM

you are trying this in a post and not in the news right?

KillsBR · July 27, 2011, 03:09:07 PM

new topic and reply

filipes · June 20, 2012, 02:11:56 AM

I have the same problem can anyone help with this, thks....

Arantor · June 20, 2012, 08:23:02 AM

As has been outlined many times before: it is an extremely bad idea to allow non-admins to use this tag. It is insecure.

What content are you trying to allow them to post?

filipes · June 20, 2012, 08:37:45 AM

Hello
It is javascript......
thks

Arantor · June 20, 2012, 08:39:23 AM

Yes, that's nice and secure. You can do so many things with JavaScript, like stealing the logged in user session details and hijacking accounts.

So, again, what do you actually want users to be able to post and why?

filipes · June 20, 2012, 08:41:56 AM

Something like this..

Code Select

[center][html]<script src="//www.gmodules.com/ig/ifr?url=http://hosting.gmodules.com/ig/gadgets/file/114026893455619160549/embedkmlgadget.xml&amp;up_kml_url=http%3A%2F%2Fdl.dropbox.com%2Fu%2F78748857%2FKML%2FPontos_negros.kml&amp;up_view_mode=earth&amp;up_earth_2d_fallback=0&amp;up_earth_fly_from_space=1&amp;up_earth_show_buildings=0&amp;up_maps_zoom_out=0&amp;synd=open&amp;w=600&amp;h=400&amp;title=&amp;border=%23ffffff%7C0px%2C1px+solid+%23004488%7C0px%2C1px+solid+%23005599%7C0px%2C1px+solid+%230077BB%7C0px%2C1px+solid+%230088CC&amp;output=js"></script>[/html][/center]

Arantor · June 20, 2012, 08:51:03 AM

What's that supposed to do, exactly?

filipes · June 20, 2012, 08:55:17 AM

It is a google map with positions of radar in Portugal.....

Arantor · June 20, 2012, 09:02:16 AM

I know the Aeva mod used to be able to safely insert Google maps just by posting the URL but I also know that Google changed its API to avoid free map inclusion after so many hits.

The thing is: if you allow that JS to be posted by regular members, you allow ANY scripting to be posted, which is incredibly unsafe for a forum.

filipes · June 20, 2012, 09:06:01 AM

I want to do that possible for two members only not to everybody...

Arantor · June 20, 2012, 09:07:24 AM

The simplest way is to make them admins. By giving them raw HTML posting access, you might as well make them admins since they can make themselves admins in theory should you grant them raw access to the HTML bbc.

filipes · June 20, 2012, 09:10:28 AM

How can I do this The simplest way is to make them admins. By giving them raw HTML posting access

Arantor · June 20, 2012, 09:12:15 AM

If they have raw posting access, they can take over your account and do whatever they want on the forum. That's the risk of giving them raw posting access.

If you make them admins, they have the same power but it's done in a manner that you can remove again, assuming they don't demote you.

filipes · June 20, 2012, 09:16:12 AM

Not like that, I think that is not a good thing like that, any other way?

Arantor · June 20, 2012, 09:20:03 AM

That's the point, I don't think there is any other way!

You could just let them post it and edit their post after to put the HTML bbc around it - it will let you do so because you're an admin.

filipes · June 20, 2012, 09:24:24 AM

Look at this it is in Portuguese, why does this not working....

Arantor · June 20, 2012, 09:43:45 AM

-sigh- Because for YOUR PROTECTION it is removed from the post when a non-administrator saves the post.

filipes · June 20, 2012, 11:15:03 AM

Ok, (Obrigado) thank you....hello from Portugal!

News:

BBC HTML tag