Why Is Html So Bad

[TCH-Thomas]

I have been thinking about this for a while.

Why is HTML so bad to set to on when configuring guestbooks etc?

 

In my guestbook it says this:

HTML code is disabled

Smilies are ON

AGCode is ON

 

Wouldnt it be better to allow HTML instead of AGCode? HTML is atleast something most people have heard about.

 

By the way, what is AGCode?

 

-Thomas

[borfast]

Thomas, if you allow your visitors to use HTML in your guestbook/forums/etc, someone might code an exploit for a known security issue with a specific browser, for example. That's why HTML is usually disabled in guestbooks, forums and stuff that allows user input.

[TCH-Thomas]

I figured that.

But then, why is those other code-languages better? Cant a security threat be be invented in those others?

 

-Thomas

[borfast]

Yes, it can. And it has happened some times with phpBB and it's BBCode implementation, and even with Invision Power Board.

But it's much easier to fix a bug in the "code-language" implementation than in Internet Explorer, for example.

 

A security threat in the "code-language" is solved by simply patching/upgrading the guestbook/forum software, while a security threat in a browser is only solved if all your visitors patch/upgrade their software - which one do you think will be easier?

[TCH-Thomas]

Hehe...

 

I forgot one question... Lets take my guestbook as example.

Why advertise to the visitor that he/she can use AGCode if no explanation-link.

That is bad from the designers i think.

-Thomas

[TCH-Don]

Thomas, if you are using the advanced guestbook,

when someone goes to sign your guestbook

there is a link below AGCode is ON

 

HTML code is disabled

Smilies are ON

AGCode is ON

 

Show legend

that will show how to use them.

 

 

Hope this helps

[TCH-Thomas]

Ah, found it.

 

Thanks.

 

 

-Thomas :Nerd: goes to eye-doctor tomorrow

Edited January 14, 2004 by Tonsa