HTML code in BBS post | General | unofficial empeg BBS

You are not logged in. [Log In] empegbbs.com » Forums » empeg-car » General » HTML code in BBS post

Topic Options

#82323 - 20/03/2002 03:28 Re: HTML code in BBS post [Re: tonyc]
peter carpal tunnel Registered: 13/07/2000 Posts: 4172 Loc: Cambridge, England	HTML is a markup language. Unless it's carrying embedded client-side JavaScript or something, I find it difficult to believe someone can do anything more malicious than linking to www.goatse.cx or using <BLINK> tags. HTML was a markup language. These days it's a shell language for running client-side ActiveX controls and JavaScripts, all of which can take control of the browser in various eerie ways. Presumably the BBS software never allowed unfiltered HTML to be entered into posts though; software with such a bug should never have left the building. [] HTML that's filtered so that only certain tags (the genuine markup ones) are let through, and certainly not <script> or <object>, should be safe. Although see http://utter.chaos.org.uk/~pdh/test/ for what amounts to a "denial of service" attack, using just <table>, mounted against Netscape 4's table layout engine. Peter [] Slight tone of sarcasm, as Outlook Express, among many others, clearly left the building with this bug in.
Top