Topic: [BBCODE] HTML tag


Starting with ElkArte 1.0.1, the HTML bbcode will no longer be a core function, due to the security risk involved.
But since someone may badly want to use it, here is a replacement for it.

HTML bbcode v1.0

This ElkArte addon is released under a BSD-3-Clause license.

The HTML bbcode allows the use of plain HTML in posts.
This particular bbcode can be used only by admins, and even so it can be a security risk, so use it only if you don't have any other alternative. And even so, before using it, consider the possibility of creating a bbcode specific to the effect you want to obtain.

Repository / Download

Change log
  • 1.0.0 - Initial release
Last Edit: August 25, 2015, 02:19:54 pm by emanuele
Reply #1

I used the HTML BBcode a few times, to embed some documents on Issuu. This could be useful, thanks ;)


Reply #2

Yes, I know many use the tag for several different things, though it is currently responsible for a security vulnerability (mine is not a theoretical assumption, it's a real threat) in both SMF (probably any version) and ElkArte (version 1.0 and below). Of course I will not give more details for the moment.

So, the safest option for the core is to remove the tag.

Actually the most secure option would be to remove it and not provide a way to restore it, but I know many people prefer an easy way to do what they want, even if it compromises the security of their sites, so here it is. Once the fix in SMF is published I'll post in this topic the way to exploit the tag, so that people will be aware that by using this tag they will put their forum in danger.
 emanuele is evil. >:D

Really, there are many ways to achieve almost anything in a safe way.
For example:
the OP wanted to give people the ability to post HTML in order to be able to share Facebook bits.
A new tag and 10 lines of code and the problem is solved in a much, much safer way. ;)
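
The dedicated-tag approach described in the reply above, as an added example that is not part of the original thread and not ElkArte's code: a handler for a hypothetical `[fbpost]` tag that accepts only a URL, validates it, and builds the markup itself, so no user-supplied HTML ever reaches the page. The tag name, the function name, the accepted URL pattern and the Facebook embed endpoint are assumptions, and the wiring into the forum's bbcode parser is left out.

```php
<?php
// Added example (PHP 7+). Hypothetical handler for [fbpost]URL[/fbpost].

// Hosts accepted in the submitted URL (assumption for this example).
const FBPOST_ALLOWED_HOSTS = ['www.facebook.com', 'facebook.com', 'm.facebook.com'];

/**
 * Return an embed for a valid Facebook post URL; otherwise return the
 * input as inert, HTML-escaped text.
 */
function render_fbpost_tag(string $data): string
{
    $url = trim($data);
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return $escaped;
    }

    // https only, no credentials or explicit port, host on the allowlist.
    if (strtolower($parts['scheme']) !== 'https'
        || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])
        || !in_array(strtolower($parts['host']), FBPOST_ALLOWED_HOSTS, true)) {
        return $escaped;
    }

    // Path must look like /<page>/posts/<id>; query and fragment are dropped.
    if (!preg_match('~^/[A-Za-z0-9.\-]+/posts/[A-Za-z0-9]+/?$~', $parts['path'])) {
        return $escaped;
    }

    // Rebuild the URL from validated pieces instead of echoing user input.
    $clean = 'https://www.facebook.com' . rtrim($parts['path'], '/');
    // Embed endpoint is an assumption of this example.
    $src = 'https://www.facebook.com/plugins/post.php?href=' . rawurlencode($clean);

    return '<iframe src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '"'
        . ' width="500" height="300" style="border:none"></iframe>';
}

// Constructed sample inputs: one valid URL, three that must stay inert text.
$samples = [
    'https://www.facebook.com/examplepage/posts/1234567890',
    'https://www.facebook.com/examplepage/posts/1"><script>alert(1)</script>',
    'javascript:alert(1)',
    'https://www.facebook.com.other.example/examplepage/posts/1',
];
foreach ($samples as $s) {
    echo render_fbpost_tag($s), "\n";
}
```

Only the first sample produces an iframe; the other three come back as escaped text because the path, the scheme or the host fails validation.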


Reply #3

Download link does not work.


Reply #5

Fixed. :)

BTW that demonstrates this is not a really wanted addon, :P


Reply #6

not wanted, but sometimes could be very useful ;)