It looks like that did it. I think this illustrates an important point to be aware of. If you enable html in messages, you open a whole can of worms of possible mess. If someone wanted to screw around, they could cause all sorts of havok by closing table tags, inserting javascript etc. The fix requires building in an html preprocessor in the board cgi to check for such things, limit html to only allow certain formatting tags, and check for errors like in this post so the topic doesn't become inaccessible.
That's what I liked about the UBB code, it was meta html that translated into html, but didn't allow for tags to actually be processed, which is just a matter of escaping out < and >. I think if the UBB code processing could be hacked back into the board and html disabled, it'll save us a lot of administration in the long run. As well, security. With html enabled, there is always the possibility of the board being hacked by a cleverly crafted message.
In the mean time, this is something for moderators to keep an eye on. We may need to clean up messages from time to time to restore topics like this one. |
