Limited HTML or BBCode

Limited HTML or BBCode

fschmidt
Administrator

Re: Limited HTML or BBCode

Noken
HTML!
Never argue with an idiot, they drag you down to their level and then beat you with experience.

Re: Limited HTML or BBCode

Hugo <Nabble>
In reply to this post by fschmidt
This is a good question. I think BBCode is cleaner and safer. The problem with HTML is that people try to inject JavaScript and other harmful code into pages and we don't want to keep fighting such attempts. So maybe we could start with a simple BBCode language and expand it as needed. Do you agree?

Re: Limited HTML or BBCode

fschmidt
Administrator
In reply to this post by Noken
Noken wrote
HTML!
Why?

Re: Limited HTML or BBCode

fschmidt
Administrator
In reply to this post by Hugo <Nabble>
Hugo <Nabble> wrote
This is a good question. I think BBCode is cleaner and safer. The problem with HTML is that people try to inject JavaScript and other harmful code into pages and we don't want to keep fighting such attempts. So maybe we could start with a simple BBCode language and expand it as needed. Do you agree?
The reason I prefer BBCode isn't because it is cleaner or safer, but because it is more standard. And I can write parsers easily these days, so why not. I will do this next, should take a day or two.

Re: Limited HTML or BBCode

Noken
In reply to this post by Hugo <Nabble>
Hugo <Nabble> wrote
This is a good question. I think BBCode is cleaner and safer. The problem with HTML is that people try to inject JavaScript and other harmful code into pages and we don't want to keep fighting such attempts. So maybe we could start with a simple BBCode language and expand it as needed. Do you agree?
What do you mean by "harmful" codes?
I do think BBCode is more secure than trying to clean HTML. Blacklists for HTML are almost never 100% waterproof, just because there are so many variations. By using BBCode, everything that wasn't handled correctly by the parser will simply be spit out as its BBCode, e.g. [script] is harmless. Making the same mistake when cleaning HTML would produce <script>.

Academically it could be just as secure, but when you consider that there might be bugs in software (and there always are), BBCode provides an extra fallback.

That doesn't make it pretty though, therefore I would still stick with HTML.
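The fail-safe behaviour described in the post above, as an added example that is not part of the thread and is not Nabble's parser: a small allowlist BBCode renderer next to a deliberately incomplete deny-list HTML cleaner. All names, the tag allowlist and the sample inputs are constructed for illustration.

```python
import html
import re

# Assumed allowlist for this example: BBCode tag -> HTML element.
ALLOWED = {"b": "strong", "i": "em", "u": "u"}
TAG = re.compile(r"\[(/?)([a-z]+)\]", re.IGNORECASE)

def render_bbcode(text):
    """Escape all input first, then emit HTML only for well-nested allowlisted tags."""
    escaped = html.escape(text, quote=True)   # raw <, >, &, quotes never reach the page
    out, stack, pos = [], [], 0
    for m in TAG.finditer(escaped):
        out.append(escaped[pos:m.start()])
        pos = m.end()
        closing, name = m.group(1) == "/", m.group(2).lower()
        if name not in ALLOWED:
            out.append(m.group(0))            # unknown tag stays literal, e.g. [script]
        elif not closing:
            stack.append(name)
            out.append(f"<{ALLOWED[name]}>")
        elif stack and stack[-1] == name:
            stack.pop()
            out.append(f"</{ALLOWED[name]}>")
        else:
            out.append(m.group(0))            # stray or mis-nested closer stays literal
    out.append(escaped[pos:])
    # Close anything the author left open so the surrounding page stays well-formed.
    out.extend(f"</{ALLOWED[n]}>" for n in reversed(stack))
    return "".join(out)

# Deny-list cleaner of the kind the post warns about: it knows about <script> only.
BLOCKED = re.compile(r"</?script\b[^>]*>", re.IGNORECASE)

def clean_html_denylist(text):
    return BLOCKED.sub("", text)

# Constructed sample: the redirecting meta tag mentioned later in the thread.
META = '<meta http-equiv="refresh" content="0;url=https://example.invalid/">'

if __name__ == "__main__":
    for sample in ("[b]hi[/b]", "[script]x[/script]", "<script>x</script>", META):
        print(repr(sample))
        print("  bbcode   :", render_bbcode(sample))
        print("  deny-list:", clean_html_denylist(sample))
```

The deny-list passes the meta tag through unchanged because nobody listed it, while the BBCode path has no rule for it and therefore prints it as escaped text.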

Re: Limited HTML or BBCode

Noken
Also. Why should it be so controlled? If you make it secure enough, there shouldn't be any problems?

- Noken

Re: Limited HTML or BBCode

Hugo <Nabble>
In reply to this post by Noken
Noken wrote
What do you mean by "harmful" codes?
There are some meta tags that redirect visitors to other websites, sometimes with malware and viruses.

Re: Limited HTML or BBCode

fschmidt
Administrator
In reply to this post by Hugo <Nabble>
BBCode done, closing.