Are you ready to switch to HTML parsing permanently?

Poll: A global switch to HTML parsing

Are you ready?

Tags: Bbcode
Html
Parsing
Wysiwyg

Trustmaster	#24107 2010-04-14 23:35
Administrators Thanked: 263 times	# donP : But if anybody tries disabling Javascript to edit directly HTML code NO TEXTAREA AT ALL would appear with that method, no? Or I'm misunderstanding? So, how can anybody try to send HTML code to database if there's no a textarea? Koradhil means that an experienced hacker would make a special formed HTML page himself to submit unfiltered POST data, so server-side filtering with HTML-purifier is still required. May the Source be with you!

Trustmaster

#24107 2010-04-14 23:35

# donP : But if anybody tries disabling Javascript to edit directly HTML code NO TEXTAREA AT ALL would appear with that method, no? Or I'm misunderstanding?
So, how can anybody try to send HTML code to database if there's no a textarea?

Koradhil means that an experienced hacker would make a special formed HTML page himself to submit unfiltered POST data, so server-side filtering with HTML-purifier is still required.

May the Source be with you!

Yes, if migration is automated	83.3%	65
No, never	1.3%	1
Please support multiple parsers, despite it is hard to maintain!	15.4%	12