Enable html tag for members

Started by Norrell, November 24, 2013, 12:02:28 PM

Previous topic - Next topic

Norrell

I have a new photography forum in which members need to post links from their FineArtAmerica accounts. Admins can use  tag, but members cannot. How is this adjusted? Any help would be appreciated. I realize doing this is regarded as security risk (not sure what specific risks though). But not being able to change this would require my using other software.

- Greg

margarett

A link can be perfectly posted without HTML
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Arantor

You have choices. You can use the img tag for linking images directly, you can use the url bbcode for linking to it. I'm not sure what you actually need beyond that.

As for 'security risk', the risk of using raw HTML is that your account could be taken over.

Norrell

Hopefully I can post an example link. Every image on FineArtAmerica has an image link in the bottom corner for members to post in blogs and on FAA discussion boards. It works perfectly on Blogger sites, for example. I haven't found a way to make it work with our board.

If there's an alternate suggestion how to accomplish this, I'm all ears. Since it works on Blogger and FAA and they remain secure, it should be safely possible for our forum. Thanks again for any suggestions.

<a href='http://greg-norrell.artistwebsites.com/featured/lower-falls-from-red-rock-point-greg-norrell.html'; size='20'><img src='http://greg-norrell.artistwebsites.com/displayartworkartistwebsites.html?id=2191443&width=249&height=166'; alt='Art Prints' title='Art Prints' style='border: none;'></a>

Gargoyle

That got butchered...

Maybe place it into the code tags so the link isn't so destroyed?

Arantor

[url=http://greg-norrell.artistwebsites.com/featured/lower-falls-from-red-rock-point-greg-norrell.html][img]http://greg-norrell.artistwebsites.com/displayartworkartistwebsites.html?id=2191443&width=249&height=166[/img][/url]

I should note, there have been a number of vulnerabilities in Blogger's history with respect to XSS and other nasties getting in through their filtering being compromised. Their filtering is, probably, secure these days - until the next thing comes along. By not actually using raw HTML, SMF automatically gets a free pass on these things.

Norrell

<a href='http://greg-norrell.artistwebsites.com/featured/lower-falls-from-red-rock-point-greg-norrell.html' size='20'><img src='http://greg-norrell.artistwebsites.com/displayartworkartistwebsites.html?id=2191443&width=249&height=166' alt='Art Prints' title='Art Prints' style='border: none;'></a>

Gargoyle

Ah Arantor decoded it!!

Thats how you would do it as he has shown above your post!!!

This way you get what you want while maintaining security!

Norrell

Thanks Arantor.  Enclosing the link within the Code tag doesn't display the link in the forum, just the code. I need to be able to display the code  An example of it working on a blog is at the link below
http://blog.qthecollection.com/

Arantor

QuoteEnclosing the link within the Code tag doesn't display the link in the forum

No, of course it doesn't. The code tag is for writing code, such that it won't be processed as bbcode or anything else. So I used it to show you what the code would look like.

It's really, really simple, you put the image URL in an img bbcode, you put that inside a url bbcode, job done. If you then need an example to show people, you put that in a code tag like I did above to show you what it would be.

Illori

admin -> posts and topics -> bulletin board code enable basic html in posts

QuoteThis will allow the posting of some basic HTML tags:

    <b>, <u>, <i>, <s>, <em>, <ins>, <del>
    <a href="">
    <img src="" alt="" />
    <br />, <hr />
    <pre>, <blockquote>

Arantor

The HTML as given will not be accepted by the basic HTML routine.

Norrell

Thanks Arantor. What might be simple to you is not necessarily so to most photographers. I have one member who figured out how to do the BBC Code method, though she complained that she could no longer edit her Alt-Title tags. The vast majority need to be able to hit a button and copy and paste a link. Anything short, and it's not going to happen.

Arantor

Then they should use the WYSIWYG editor which pretty much does that.

Norrell

Any other recommendations would be greatly appreciated. I altered the subs.php file to include 'html' as a closable tag.  That didn't help.  There are plenty of forums where this is not an issue, such as the discussion forum for FAA.  Not being able to adjust this will require using a different software platform.

margarett

That kind of blackmailing isn't appreciated, sorry... (If you don't do this we will use other software)

If SMF isn't suited for your needs, you'r welcome to try alternatives. Or you can ask for a mod that suits your needs. That's not how SMF works, for a reason.
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

Kindred

also --- we will not tell people how to purposefully defeat the very basic security of SMF.

Allowing general users to include unparsed HTML it a HUGE security hole...  which is why we don't allow it for anyone except the admin.  You would give your general users full admin access to your site - why would you give them HTML?


Finally...   if you use the WYSIWYG editor, as arantor suggested, it will probably solve move of your problems
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Norrell

My apologies Margarett. I'm not trying to blackmail anyone. And I am earnestly grateful for all who take the time to provide advice. I'm just surprised there's not a simple solution here and hence I'm worried I may have to go back to the drawing board.

Kindred

see my post above.  there IS a simple solution
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

QuoteI altered the subs.php file to include 'html' as a closable tag

And the security aspect is unchanged, fortunately.

QuoteThere are plenty of forums where this is not an issue, such as the discussion forum for FAA.  Not being able to adjust this will require using a different software platform.

Then use that software platform. Or take the advice already given that you've chosen to ignore.

QuoteMy apologies Margarett. I'm not trying to blackmail anyone. And I am earnestly grateful for all who take the time to provide advice. I'm just surprised there's not a simple solution here and hence I'm worried I may have to go back to the drawing board.

Except "if you don't help me I'll have to look at other forum solutions" is blackmail. It is no different to a member coming onto your site and saying "if you don't implement <this> I'll take my content elsewhere". It's still blackmail, pure and simple, trying to get you to do something.

Advertisement: