Why can't we be just allowed to use use html and css to make threads?

[126]

I know this question may be dumb but if we were able to make threads with HTML, they would look hella cool! Just look at this simple thing I created with pure HTML and CSS. This and this.

You can like the post if it helped and have a good day.

[283]

XSS xd
jk, i tkink it could be nice but too difficult to implement

[1.307]

Show me pls a single forum which allows html/css in a public post or for normal users which are non staff.
Ah yes, there's none for serveral reasons. Biggest reason is the security part.

ONLY DISCORD: zombie#7550 (ID: 785571908267671613)
ONLY TELEGRAM: @zombie_dev

I DONT DO MM. CONFIRM ALWAYS VIA PM ON CRACKED!

[126]

Show me pls a single forum which allows html/css in a public post or for normal users which are non staff.
Ah yes, there's none for serveral reasons. Biggest reason is the security part.

Umm you are correct. But I was just wondering what is the security concern. JavaScript? Because HTML and CSS are just markup languages and can't do anything else. So if <script> is disabled??

You can like the post if it helped and have a good day.

[2.567]

Show me pls a single forum which allows html/css in a public post or for normal users which are non staff.
Ah yes, there's none for serveral reasons. Biggest reason is the security part.

Umm you are correct. But I was just wondering what is the security concern. JavaScript? Because HTML and CSS are just markup languages and can't do anything else. So if <script> is disabled??

<img> tags would have to be disabled too because you could use it like this:

Code:

<img style="display: none" src="random IpLogger url">

this would log the Ip of every user that opens the post without any notice

edit: every tag that has the option to use an external source (src="random url") would have to be disabled because of this

[72]

XSS xd
jk, i tkink it could be nice but too difficult to implement

Exactly, XSS. Lol, there are just too many ways to inject JS that it's better to disable all html/css

---

Show me pls a single forum which allows html/css in a public post or for normal users which are non staff.
Ah yes, there's none for serveral reasons. Biggest reason is the security part.

Umm you are correct. But I was just wondering what is the security concern. JavaScript? Because HTML and CSS are just markup languages and can't do anything else. So if <script> is disabled??

<img> tags would have to be disabled too because you could use it like this:

Code:

<img style="display: none" src="random IpLogger url">

this would log the Ip of every user that opens the post without any notice

edit: every tag that has the option to use an external source (src="random url") would have to be disabled because of this

Yeah, also onerror and many other attributes

[3.988]

nice try :fightpepe:

[63]

Show me pls a single forum which allows html/css in a public post or for normal users which are non staff.
Ah yes, there's none for serveral reasons. Biggest reason is the security part.

Umm you are correct. But I was just wondering what is the security concern. JavaScript? Because HTML and CSS are just markup languages and can't do anything else. So if <script> is disabled??

<img> tags would have to be disabled too because you could use it like this:

Code:

<img style="display: none" src="random IpLogger url">

this would log the Ip of every user that opens the post without any notice

edit: every tag that has the option to use an external source (src="random url") would have to be disabled because of this

yea, i was thinking about that too. but i've seen forums (don't remember quite well), only allows images from certain trusted source like imgbb, imgur. so why not use whitelisting?

DISCORD : AccountRepublic#9321 [ UID : 667336362885775360]