From: D. R. N. <d.r...@qu...> - 2006-03-23 21:11:47
|
Wings-of-Glory wrote: > Damian Parker wrote: >> Dont forget that HTML format also brings with it security risks, such as >> the method of obtaining tiki_p_admin. This is why "Allow HTML" is >> always disabled and should really be avoided at all costs. > > sure, but evil tags could be stripped out, like javascript and else... And also, there are groups of users, with higher security permissions, that should have full HTML access. They are editors and designers. Don't assume every user is someone who just registered on the site. A number of us use Tikiwiki for people who have been trained to write good HTML. These are superior beings whom we serve, more important than mere programmers. Just like Jesus washing the feet of his disciples, coders should serve users. An annoyance for such skilled, but busy, users is that a number of tikiwiki forms always come up with Allow HTML unselected. It isn't even an something you can configure. Dave Newman |