chem1190c wrote:mojacardave wrote:Exodies wrote:
Is there a reason for the existence of BBCode rather than restricted HTML? It seems perverse.
I mean, we type:
Code: Select all
and a big fuck-off computer somewhere turns it into:
Code: Select all
Is this a sensible use of electricity?
I suspect that (coding wise) it's easier to detect and remove all HTML tags, than to try to restrict the set. There are so many different ways of writing HTML that it must be easier to strip every tag out, and start again with a custom created limited set. Personally I prefer using something like CKEditor, and providing a rich text box for user input, but there's always somebody who'll try to exploit HTML vulnerabilities.
I think the simple answer is that html is waaaaay to easy to exploit. Things would fall apart pretty quick, since there's virtually no way to create an all encompassing filter to keep all the "bad" html out.
Many messages boards and forums used to allow virtually unrestricted use of html. One of the more entertaining exploits I've seen people use is:
Including a strategically placed unclosed html tag so that everything below your post vanishes, including the reply field.. sometimes followed up by spoofing the actual reply box/form with a custom written dialog that looks identical to the original. Then when someone tries to respond to the first post it does something .. different.. than they expect it to.
Of course the internet was a much simpler place back then.
Back then... Oh my. I remember web message boards where you typed in your nick and the message each time. The fun you could have taking on the role of all other participants. It was mind boggling. Must have been the early 1990s. (apply your own apostrophe if you feel it is necessary).