HTML editor vs. bbcode - Pros and cons please

[ivoy]

I am having someone build a custom forum for one of my websites and he is advising the bbcode for security reasons. I personally do not find it as user friendly as the html editors similar to the one used in vBulletins.
What your thoughts and suggestions?
Thank you!

 

[Domagon]

If you are talking about allowing users to enter HTML tags in their posts, then I'd suggest not doing that, because...

There's no sure way of selectively filtering out "dangerous" HTML ... thus it's safer to NOT allow HTML at all.

However, if the HTML editor is only for use by admins, mods, etc and not regular users, then may be ok, but understand the security risk still exists regardless.

Ron

 

[ivoy]

Thanks for your input, Domagon. I agree that for security purposes bbcode seems like a better choice. However, it's does not look very inviting, especially to beginner users and that why I am being tempted by the html editors. Since I do not have much experience with building and maintaining forums I'd like to know how a forum like NP survives and does so well while allowing the html to users on all levels?

 

[psalzmann]

VBulletin's posting editor IS BBcode ready. When you click CTRL-B on keyboard it bold's it. On preview it transforms that html from wysiwyg editor into BBCode.

IE: <b> = , <font name=""> = [font name=""]

 

[ivoy]

VBulletin's posting editor IS BBcode ready. When you click CTRL-B on keyboard it bold's it. On preview it transforms that html from wysiwyg editor into BBCode.

IE: <b> = , <font name=""> = [font name=""]

I am interested in the security aspects of the wysiwyg editor. How does NP prevent potential problems associated with allowing users on all levels to post and edit in html?

 

[shockie]

for things like forums where members post their own content, i would suggest that you use bbcode over html. although there are some ways to only allow certain html codes to be used, bbcode is less of a hassle and has the formatting and whatnot you would need. it is after all designed for these purposes (bb = bulletin board).