Please make the customizing forum easier to use
jfriend
Registered Users Posts: 8,097 Major grins
On behalf of the customizing forum, I'd like to make an appeal to allow the text script and /script tags to be in postings in the customizing forum in their full unmodified splendor.
Someone at Smugmug has configured vBulletin to disallow script tag text in postings because there is a fear that this is somehow a security risk. If people were indeed allowed to post live javascript in the forum, there might be a security risk to that, but this is JUST text. When it gets to a browser, it looks no more like a script than the rest of this posting. Script tags typed into a dgrin posting look only like this to the browser:
<script>
This is text. It's never going to trigger a script. Please, please improve the usability of the customizing forum and turn off the feature that mangles anything we type with script tags in it. This is pure text. It can't be interpreted as a script inside a dgrin posting.
I know I've asked for this before and I was told it was a security risk. I don't understand how it can possibly be a risk and it's a daily annoyance to those who try to support dgrin users with javascripting. If somebody can explain to me how this is actually a security risk, I will stop asking. If nobody can explain how it is actually a security risk (which nobody has to date), then please turn it off in that forum where scripts are exchanged all the time.
On behalf of all the users in the customizing forum, I'm asking for this consideration and change.
Someone at Smugmug has configured vBulletin to disallow script tag text in postings because there is a fear that this is somehow a security risk. If people were indeed allowed to post live javascript in the forum, there might be a security risk to that, but this is JUST text. When it gets to a browser, it looks no more like a script than the rest of this posting. Script tags typed into a dgrin posting look only like this to the browser:
<script>
This is text. It's never going to trigger a script. Please, please improve the usability of the customizing forum and turn off the feature that mangles anything we type with script tags in it. This is pure text. It can't be interpreted as a script inside a dgrin posting.
I know I've asked for this before and I was told it was a security risk. I don't understand how it can possibly be a risk and it's a daily annoyance to those who try to support dgrin users with javascripting. If somebody can explain to me how this is actually a security risk, I will stop asking. If nobody can explain how it is actually a security risk (which nobody has to date), then please turn it off in that forum where scripts are exchanged all the time.
On behalf of all the users in the customizing forum, I'm asking for this consideration and change.
--John
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
0
Comments
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
Hang on let me consult with bigwebguy.
Please be patient, I'm traveling back east today and won't be able to answer again until Friday, thank you very very very very much!
Portfolio • Workshops • Facebook • Twitter
we have some forums where html is allowed and unfortunately there is no way to individually block script tags from only those forums. we have to do it at the global level. I dunno if this has changed with more recent versions of vBulletin, but its the way it is right now.
Thanks.
Portfolio • Workshops • Facebook • Twitter