
Please help! Is the support to UBB code still necessary?

I am developing a BBS. I find many BBS systems support UBB code; they claim
UBB code is safer. But I think I can achieve the same security by filtering out
all html tags that allowed in the system and outputting other < and > characters
as &lt; and &gt;. I could have more control in this way. I am not sure if it
is the right way; could anyone with experience on this give your opinion?

Thanks!
Jul 21 '05 #1
david <wy*****@hotmail.com> wrote:
> I am developing a BBS. I find many BBS systems support UBB code; they claim
> UBB code is safer. But I think I can achieve the same security by filtering out
> all html tags that allowed in the system and outputting other < and > characters
> as &lt; and &gt;. I could have more control in this way. I am not sure if it
> is the right way; could anyone with experience on this give your opinion?


If you just filter out < and > etc you will indeed have a safe system,
but you'll be limiting your users to plain text. The advantage of UBB
is that it gives you a safe set of tags, as I understand it.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jul 21 '05 #2
Thanks for your reply.

For sure I can not just filter out < and >. What I tried to do is filter out
the < and > of those unwanted tags; for example, I will keep those tags I want,
like <A></A>, <Img></Img>. I think UBB was necessary because there was not
a concept of formed html. If we use formed html, we can achieve the same
result as we use UBB.

What do you think?

"Jon Skeet [C# MVP]" <sk***@pobox.com> wrote in message
news:MP************************@msnews.microsoft.c om...
> david <wy*****@hotmail.com> wrote:
> > I am developing a BBS. I find many BBS systems support UBB code; they claim
> > UBB code is safer. But I think I can achieve the same security by filtering out
> > all html tags that allowed in the system and outputting other < and > characters
> > as &lt; and &gt;. I could have more control in this way. I am not sure if it
> > is the right way; could anyone with experience on this give your opinion?
>
> If you just filter out < and > etc you will indeed have a safe system,
> but you'll be limiting your users to plain text. The advantage of UBB
> is that it gives you a safe set of tags, as I understand it.
>
> --
> Jon Skeet - <sk***@pobox.com>
> http://www.pobox.com/~skeet
> If replying to the group, please do not mail me too

Jul 21 '05 #3
david <wy*****@hotmail.com> wrote:
> Thanks for your reply.
>
> For sure I can not just filter out < and >. What I tried to do is filter out
> the < and > of those unwanted tags; for example, I will keep those tags I want,
> like <A></A>, <Img></Img>. I think UBB was necessary because there was not
> a concept of formed html. If we use formed html, we can achieve the same
> result as we use UBB.
>
> What do you think?


I think you'll find it may get complicated fairly quickly, whatever you
do: you'll need to work out what to do with things like:
>Look Here<<<<<a really good thing!>>>>Don't look here!


which people may well want to use in their posts. You'll also find that
people *will* try to abuse your system, virtually whatever you do. If
you're inserting the tags yourself rather than just filtering out tags
you definitely don't want, it gives more control, IMO.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jul 21 '05 #4
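
Added example, not part of any post in this thread: one way to do what the last reply describes, inserting the tags yourself instead of filtering the user's HTML. The tag set (`[b]`, `[i]`, `[url=]`, `[img]`), the name `render_ubb` and the sample posts are assumptions made for this sketch.

```python
import html
import re

# Tag set and output markup are assumptions for this example, not a UBB specification.
PAIRS = {"b": "strong", "i": "em"}
# Scheme allowlist; the character class also rejects whitespace and brackets.
URL = r"(https?://[^\s\[\]<>\"']+)"
FLAGS = re.IGNORECASE | re.DOTALL


def render_ubb(post: str) -> str:
    """Return HTML in which the only markup is what this function inserted."""
    # Step 1: neutralise everything the user typed, including quotes.
    text = html.escape(post, quote=True)

    # Step 2: insert our own tags for the UBB codes we recognise.
    for code, tag in PAIRS.items():
        text = re.sub(rf"\[{code}\](.*?)\[/{code}\]",
                      rf"<{tag}>\1</{tag}>", text, flags=FLAGS)
    text = re.sub(rf"\[url={URL}\](.*?)\[/url\]",
                  r'<a href="\1" rel="nofollow">\2</a>', text, flags=FLAGS)
    text = re.sub(rf"\[img\]{URL}\[/img\]",
                  r'<img src="\1" alt="">', text, flags=FLAGS)
    # Anything not matched above (unknown codes, other schemes) stays literal text.
    return text


# Constructed sample posts, including the line quoted in the thread.
SAMPLES = [
    ">Look Here<<<<<a really good thing!>>>>Don't look here!",
    "[b]bold[/b] and <script>alert(1)</script>",
    "[url=http://example.com/?a=1&b=2]site[/url]",
    "[url=javascript:alert(1)]site[/url]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render_ubb(sample))
```

Because the escape happens before any tag is inserted, stray `<` and `>` in a post are displayed as typed, and a code that fails the pattern is shown as literal text rather than turned into markup.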
