A Security Issue regarding HTML

pensiv · Feb 6, 2002

I know that HTML is off now, but I thought that if people ever thought to complain they should read this correspondance:

[snip] - emailing to Morrus. Good idea KDL

KDLadage · Feb 6, 2002

This is something that should have been e-mailed to Morrus directly -- placing it here just invites people to experiment with it -- if not on these boards, then on others.

graydoom · Feb 6, 2002

Hmm, yes, I have thought to complain. Why? Because despite the fact that we did not have problems with HTML enabled on the old boards, and despite the fact the fact that javascript is censored out, HTML still isn't re-enabled.

Well, since whatever is was is gone now, I can't point out any flaws in it and/or browser-side fixes for it....
I dislike being deprived of the chance to make a rebuttal. With javascript commands censored, there shouldn't be any problems with re-enabling HTML. But since I have no idea what the issue here is... I can't make any good response.

Omegium · Feb 6, 2002

before html is turned on: het out the <iframe> tag. You can use html with that.

pensiv · Feb 7, 2002

first of all: javascript can be used in tags other than the script tag.

second of all: the security concern I was specifically refering to was that in the current version of vBulletin, a user account can be hacked into when HTML is enabled on the board.

Berandor · Feb 7, 2002

This is it? I know I am a no-tech but the problem is that user-accounts can be hacked?

I mean, I could lose my avatar, sig, or might have my username changed, or the hacker would find out my *gasp* e-mail address?

We have no real address, credit-card number,s or else in our profile.

I know there must be more to it, isn't it?
Or maybe I'm underestimating the degree of privacy warranted by EN-Users...

Berandor

A Security Issue regarding HTML

pensiv

Explorer

KDLadage

Explorer

graydoom

First Post

Omegium

First Post

pensiv

Explorer

Berandor

lunatic

Similar Threads