View Single Post
 10-30-2009, 10:21 PM
Regdate: Oct 2009
Posts: 2
Age: N/A
Reputation: 5

  • MyBB Version: 1.4.9
  • PHP Version:
  • MySQL(i) Version:
  • Forumlink: localhost
  • Screenshot:
  • Actions that lead to this issue:
  • Other Usefull Info:

I want to ask about Custom Profile Fields.

I have a default custom profile fields. It is fid1 (Location) field. And I use {$userfields['fid1']} to display this field value.

I fill a simple javascript code in the field via usercp:

<script type="text/javascript">
document.write("Example Scripts");

And the result is: Example Script.

So, I think {$userfields['fidx']} will render the script that filled in the custom user fields. It doesn't happen with {$profilefields}.

So, is it secure if we use {$userfields['fidx']} code in member profile page?

Quote this message in a reply