[Empeg-general] Re: HTML code in BBS post
Sven Mueller
sven at incase.de
Tue, 19 Mar 2002 23:44:00 GMT
Which is exactly what I think is either invalid, or also applies to UBBCode. Actually, since HTML is not parsed by the BBS software, while UBBCode needs to be parsed by it, it would be easier to hack the BBS software using UBBCode then it is using HTML. This, of course mainly applies to buffer overflow attacks, which are avoidable if the software is written The Right Way(tm).
If Paul and you are concerned regarding possible user side (browser side) exploits, this are almost certainly also doable using UBBCode.
If there is another security reason I overlooked, I would really like to know which it is (via PM if you don't want it out in the public).
cu,
sven