
Please help! Is the support to UBB code still necessary?

I am developing a BBS. I find many BBS systems support UBB code; they claim
UBB code is safer. But I think I can achieve the same security by filtering out
all HTML tags that are allowed in the system and outputting other < and > characters
as &lt; and &gt;. I could have more control this way. I am not sure if it
is the right way; could anyone with experience on this give your opinion?

Thanks!
Jul 21 '05 #1
david <wy*****@hotmail.com> wrote:
> I am developing a BBS. I find many BBS systems support UBB code; they claim
> UBB code is safer. But I think I can achieve the same security by filtering out
> all HTML tags that are allowed in the system and outputting other < and > characters
> as &lt; and &gt;. I could have more control this way. I am not sure if it
> is the right way; could anyone with experience on this give your opinion?


If you just filter out < and > etc you will indeed have a safe system,
but you'll be limiting your users to plain text. The advantage of UBB
is that it gives you a safe set of tags, as I understand it.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jul 21 '05 #2
Thanks for your reply.

For sure I cannot just filter out < and >. What I tried to do is filter out
the < and > of those unwanted tags; for example, I will keep those tags I want,
like <A></A>, <Img></Img>. I think UBB was necessary because there was not
a concept of formed HTML. If we use formed HTML, we can achieve the same
result as we use UBB.

What do you think?

"Jon Skeet [C# MVP]" <sk***@pobox.com> wrote in message
news:MP************************@msnews.microsoft.com...
> david <wy*****@hotmail.com> wrote:
>> I am developing a BBS. I find many BBS systems support UBB code; they claim
>> UBB code is safer. But I think I can achieve the same security by filtering out
>> all HTML tags that are allowed in the system and outputting other < and > characters
>> as &lt; and &gt;. I could have more control this way. I am not sure if it
>> is the right way; could anyone with experience on this give your opinion?
>
> If you just filter out < and > etc you will indeed have a safe system,
> but you'll be limiting your users to plain text. The advantage of UBB
> is that it gives you a safe set of tags, as I understand it.
>
> --
> Jon Skeet - <sk***@pobox.com>
> http://www.pobox.com/~skeet
> If replying to the group, please do not mail me too

Jul 21 '05 #3
david <wy*****@hotmail.com> wrote:
> Thanks for your reply.
>
> For sure I cannot just filter out < and >. What I tried to do is filter out
> the < and > of those unwanted tags; for example, I will keep those tags I want,
> like <A></A>, <Img></Img>. I think UBB was necessary because there was not
> a concept of formed HTML. If we use formed HTML, we can achieve the same
> result as we use UBB.
>
> What do you think?


I think you'll find it may get complicated fairly quickly, whatever you
do: you'll need to work out what to do with things like:
>Look Here<<<<<a really good thing!>>>>Don't look here!


which people may well want to use in their posts. You'll also find that
people *will* try to abuse your system, virtually whatever you do. If
you're inserting the tags yourself rather than just filtering out tags
you definitely don't want, it gives more control, IMO.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jul 21 '05 #4
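
Added example, not part of the original thread: a Python sketch of the approach recommended in the last reply, where every character of the post is escaped first and the server then inserts HTML itself for a small set of UBB tags. The tag set, the http(s)-only URL rule and the name `render_ubb` are assumptions made for illustration.

```python
import html
import re

# Hypothetical tag set for this sketch; a real board would pick its own.
SIMPLE_TAGS = ("b", "i", "u")
# Only absolute http(s) URLs qualify. Raw <, > and " are excluded so that
# markup this function has already emitted can never be swallowed into a URL.
SAFE_URL = r"https?://[^\s\[\]<>\"]+"
URL_TAG = re.compile(r"\[url=(" + SAFE_URL + r")\](.+?)\[/url\]", re.I | re.S)
IMG_TAG = re.compile(r"\[img\](" + SAFE_URL + r")\[/img\]", re.I)


def render_ubb(post: str) -> str:
    """Escape the whole post, then insert HTML only for recognised UBB tags."""
    # Step 1: make every user-supplied character inert, quotes included,
    # so the text is safe as element content and inside attribute values.
    out = html.escape(post, quote=True)
    # Step 2: the server writes the real tags; unrecognised or malformed
    # UBB (bad scheme, missing close tag) simply stays visible as text.
    out = URL_TAG.sub(r'<a href="\1" rel="nofollow">\2</a>', out)
    out = IMG_TAG.sub(r'<img src="\1" alt="">', out)
    for tag in SIMPLE_TAGS:
        pair = re.compile(r"\[%s\](.+?)\[/%s\]" % (tag, tag), re.I | re.S)
        out = pair.sub(r"<%s>\1</%s>" % (tag, tag), out)
    return out


# Constructed sample posts; the first is the awkward text quoted in the thread.
SAMPLES = [
    ">Look Here<<<<<a really good thing!>>>>Don't look here!",
    "<script>alert(1)</script>[b]hi[/b]",
    "[url=https://example.com/?a=1&b=2]site[/url]",
    "[url=javascript:alert(1)]x[/url]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render_ubb(sample))
```

Because nothing the user typed survives as markup, stray angle brackets need no special handling: they are displayed exactly as written.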
