Please help! Is the support to UBB code still necessory?

  • Thread starter Thread starter david
  • Start date Start date
D

david

I am developing a BBS, I find many bbs system support UBB code, they claim
UBB code is safer. But I think I can achieve the same security by filter out
all html tags that allowed in the system and output other < and > character
as &lt; and &gt;. I could have more control in this way. I am not sure if it
is the right way, could anyone with experience on this give your opinion?

Thanks!
 
david said:
I am developing a BBS, I find many bbs system support UBB code, they claim
UBB code is safer. But I think I can achieve the same security by filter out
all html tags that allowed in the system and output other < and > character
as &lt; and &gt;. I could have more control in this way. I am not sure if it
is the right way, could anyone with experience on this give your opinion?
Click to expand...

If you just filter out < and > etc you will indeed have a safe system,
but you'll be limiting your users to plain text. The advantage of UBB
is that it gives you a safe set of tags, as I understand it.
 
Thanks for your reply.

For sure I can not just filter out < and >. What I tried to do is filter out
< and > of those unwanted tag, for example, I will keep those tags I want
like <A></A> ,<Img></Img> . I think UBB was necessory because there was not
a concept of formed html. If we use formed html, we can achieve the some
result as we use UBB.

What do you think?
 
david said:
Thanks for your reply.

For sure I can not just filter out < and >. What I tried to do is filter out
< and > of those unwanted tag, for example, I will keep those tags I want
like <A></A> ,<Img></Img> . I think UBB was necessory because there was not
a concept of formed html. If we use formed html, we can achieve the some
result as we use UBB.

What do you think?
Click to expand...

I think you'll find it may get complicated fairly quickly, whatever you
do: you'll need to work out what to do with things like:

which people may well want to use in their posts. You'll also find that
people *will* try to abuse your system, virtually whatever you do. If
you're inserting the tags yourself rather than just filtering out tags
you definitely don't want, it gives more control, IMO.
 
Back
Top