Originally Posted by Chuck S
if your allowing html in descriptions yes you want that set to yes.
Like I said we do not use the vb
editor anywhere but on a review.
Sorry, I didn't mean the vb
What I meant was that if I set "Allow HTML in Product Fields" to yes, then the tiny WYSIWYG editor for the product descriptions works as intended for the formatting. It essentially fixes the bug I was reporting. Presumably this is because the tiny editor adds html tags, rather than bbcode, I guess.
My question was regarding the extent of the security issue mention in the description for the setting "Allow HTML in Product Fields" to yes. Does that only affect usergroups that have "Upload Ads" or "Edit Products" set to yes in the usergroup editor? If I only allow moderators to upload/edit products, would there be a way for a user who cannot upload Ads or edit products to exploit this?