There are a few profiles on BLUF where people are using HTML, for example to have different text effects, or to embed YouTube videos.

How do other people feel about these?

At the moment, BLUF is still relatively small, though growing fairly quickly. And plain statistics mean that that the bigger a site gets, the greater the chance there'll be someone with unhelpful intentions. This is one reason amongst others for the security phrase that's been added to the site.

If users can add HTML to their profile, it's theoretically possible that they can do a lot more than embed a YouTube video. They could link - even unwittingly - to a malicious site. Or add something that breaks the rest of the BLUF page.

The chance of this is, of course, pretty small, certainly right now. But it's not impossible, and it can only increase as we get bigger.

So, there are essentially three options I can think of:

1. We carry on as we are, and hope no one ever adds something nasty to their profile
2. We disallow any HTML in profiles, and remove whatever's there, to ensure BLUF members are protected
3. We continue to allow it, but if you have a profile with HTML, it will be stripped out until one of the admin team has verified that it's ok

My own preference is for 3, at the moment. We'll have to have a queue of photos to approve once people can upload them, so profile text can be added to that.

I'd stress that it will only be checking for a limited range of things - we mustn't go down the Recon/Gaydar route of not letting people post any links at all. But equally, we don't want malicious or inappropriate stuff linked to a profile; I'd not be happy, for example, if someone embedded a link to a Nazi speech, or a pyramid marketing scheme in their profile.

Nigel.