to make sure everything is closed or to just disable HTML.
That's probably why most boards went to BBCode. After all, they only wanted you to be able to change the font style and color, not write an entire operating system in a forum post!
It would make all this "check bad input" stuff so much easier. As this is a recreation of the disc app service, I don't think I'll be able to switch over to BBCode so I'll need to figure out some sort of generic parser that catches most of those instances.
There is an option in the security set... more
One or two boards?
Does the HTML spec allow for "
Only problem is 1
Or just brainstorming here... font tags and heading tags and p tags are about the only things you need. That lets the users modify the text--which is all they want to do most of the time anyway. (At any rate, I'd definit... more
Script tags should definitely get HTML encoded. I think I should be able to handle that with a regex.
Thing is style tags do it as well. How many tags should be excluded? Maybe just script tags as they can be malicious...?
Does any old tag do it?
what about a
what about body t... more
Note: By "worked" I mean that the site worked and nothing was broken. Not that it "worked" at breaking the site. Only tested on Firefox 82.0.3 (64-bit).. probably 99.9% the same on all other modern browsers (Edge/IE excluded. :p)
* Edit: worked.
* Edit: Ok t... more
So that might be a fun April 1 effect?
Some browsers "helpfully" try to close a tag for you. I get not closing a script tag, though, as what will happen if you close it and get the equivalent to "delete *"?