iframe bbcode not possible?

[shoes22]

Hi, when testing several custom BBcodes I noticed any <iframe> parameter is not embedded. Anyone know why this is?

[Martin Blank]

Inclusion of iframes opens some very significant security issues. If it's explicitly excluded from being run, I would applaud this.

[Ectoman]

You might be doing something wrong.

I just tried this and was sucessful in adding a Iframe bbcode.

[shoes22]

Hmm...could I possibly see how you did it? Just as a reference?

[Highway of Life]

Shoes, we've used it before as well, but I echo what was said before... I STRONGLY recommend NOT using an iframe BBCode, but find another method to achieve your goal... even if it's a MOD, trust me, you don't want to open up the ability for users to exploit a security hole.

[user99]

Shoes, we've used it before as well, but I echo what was said before... I STRONGLY recommend NOT using an iframe BBCode, but find another method to achieve your goal... even if it's a MOD, trust me, you don't want to open up the ability for users to exploit a security hole.

My Linux Webhosting admin (=Helpdesk lady) confirmed that its safe to use iframe.

Should it be taken seriously ?

[Paul]

Its security wise a bad idea to add a iframe bbcode.

[code reader]

My Linux Webhosting admin (=Helpdesk lady) confirmed that its safe to use iframe.

Should it be taken seriously ?

it might be perfectly safe to use iframes (although, for various reasons *other than security*, i think it's a good idea to use it as little as possible, preferably never).

however, that doesn't mean that it's safe to have an iframe bbcode: with iframe bbcode, you let every (potentially malicious) poster to determine what will be the content of the iframe, which is quite different than "using iframe", where you yourself decide what will be the content.

[battye]

My Linux Webhosting admin (=Helpdesk lady) confirmed that its safe to use iframe.

Should it be taken seriously ?

it might be perfectly safe to use iframes (although, for various reasons *other than security*, i think it's a good idea to use it as little as possible, preferably never).

however, that doesn't mean that it's safe to have an iframe bbcode: with iframe bbcode, you let every (potentially malicious) poster to determine what will be the content of the iframe, which is quite different than "using iframe", where you yourself decide what will be the content.

Indeed, the helpdesk lady may have thought you means including an iframe on an HTML page - which is fine, because YOU would be choosing which site is in the frame.

Open that option up to everyone though, and you have no control what gets put in there. Not worth the risk.

[guxi]

Hey man, why do not consider the possibility to let that blamed "iframe bbcode" to be used only for
certain group of members.
I think that a forum must have a core of trusted members.
So, all we have to do is to let ONLY those members to use that iframe bbcode.

A kind of MOD like the one allowing posting URLs afer one million posts, allow using smilies [only 2,31 pe post]
for the ones that have posted 2,2 billion posts without off-topic and so on...