I am developing a BBS. I find many BBS systems support UBB code; they claim
UBB code is safer. But I think I can achieve the same security by filtering out
all HTML tags that are allowed in the system and outputting other < and > characters
as &lt; and &gt;. I could have more control this way. I am not sure if it
is the right way; could anyone with experience of this give their opinion?
Thanks!
david <wy*****@hotmail.com> wrote:
I am developing a BBS, I find many bbs system support UBB code, they claim UBB code is safer. But I think I can achieve the same security by filter out all html tags that allowed in the system and output other < and > character as &lt; and &gt;. I could have more control in this way. I am not sure if it is the right way, could anyone with experience on this give your opinion?
If you just filter out < and > etc you will indeed have a safe system,
but you'll be limiting your users to plain text. The advantage of UBB
is that it gives you a safe set of tags, as I understand it.
--
Jon Skeet - <sk***@pobox.com> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Thanks for your reply.
For sure I cannot just filter out < and >. What I tried to do is filter out
the < and > of those unwanted tags; for example, I will keep those tags I want,
like <A></A>, <Img></Img>. I think UBB was necessary because there was not
a concept of formed HTML. If we use formed HTML, we can achieve the same
result as we do with UBB.
What do you think?
david <wy*****@hotmail.com> wrote:
Thanks for your reply.
For sure I cannot just filter out < and >. What I tried to do is filter out the < and > of those unwanted tags; for example, I will keep those tags I want, like <A></A>, <Img></Img>. I think UBB was necessary because there was not a concept of formed HTML. If we use formed HTML, we can achieve the same result as we do with UBB.
What do you think?
I think you'll find it may get complicated fairly quickly, whatever you
do: you'll need to work out what to do with things like:
>Look Here<<<<<a really good thing!>>>>Don't look here!
which people may well want to use in their posts. You'll also find that
people *will* try to abuse your system, virtually whatever you do. If
you're inserting the tags yourself rather than just filtering out tags
you definitely don't want, it gives more control, IMO.
--
Jon Skeet - <sk***@pobox.com> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
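
The approach from the last reply, where the server inserts the tags itself instead of filtering the user's HTML, as an added example that is not part of the original thread: every character of the post is escaped first, then a small allowlist of UBB-style tags is turned into HTML that the server generates. The function name `render_ubb`, the `[b]`/`[i]`/`[u]`/`[url=]`/`[img]` bracket syntax, and the http/https-only URL rule are assumptions made for this illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed allowlist: UBB tag name -> HTML element the server emits itself.
SIMPLE_TAGS = {"b": "strong", "i": "em", "u": "u"}
SAFE_SCHEMES = {"http", "https"}

def _safe_url(escaped_url):
    """Return a re-escaped absolute http(s) URL, or None if not acceptable."""
    url = html.unescape(escaped_url).strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() in SAFE_SCHEMES and parts.netloc:
        return html.escape(url, quote=True)   # quotes cannot end the attribute
    return None

def _url(match):
    href = _safe_url(match.group(1))
    if href is None:
        return match.group(0)                 # rejected: stays as inert text
    return f'<a href="{href}" rel="nofollow noopener">{match.group(2)}</a>'

def _img(match):
    src = _safe_url(match.group(1))
    return f'<img src="{src}" alt="">' if src else match.group(0)

def render_ubb(text):
    """Escape the whole post, then convert allowlisted UBB tags to HTML."""
    out = html.escape(text, quote=True)       # all user <, >, &, quotes inert
    for name, element in SIMPLE_TAGS.items():
        pattern = re.compile(rf"\[{name}\](.*?)\[/{name}\]", re.I | re.S)
        out = pattern.sub(rf"<{element}>\1</{element}>", out)
    out = re.sub(r"\[url=([^\[\]\s]+)\](.*?)\[/url\]", _url, out,
                 flags=re.I | re.S)
    out = re.sub(r"\[img\]([^\[\]\s]+)\[/img\]", _img, out, flags=re.I)
    return out

if __name__ == "__main__":
    # Constructed sample inputs, including the decorative text from the thread.
    print(render_ubb(">Look Here<<<<<a really good thing!>>>>Don't look here!"))
    print(render_ubb("[b]hi[/b] <script>x</script> [url=javascript:x]y[/url]"))
```

Because nothing the user typed is ever emitted as markup, decorative runs of < and > display exactly as written, and unrecognised or rejected tags simply show up as text.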