I suppose the answer may be similar for for vBulletin but I wanted to ask here since I am considering allowing HTML in a vBadvanced product only.
I am considering allowing selected users to add HTML to a Gallery custom field so they can post links to their websites. I've done this before in other scripts and someone may try to add shopping cart code, Java, or god knows what. I trust they aren't out to try and get me but what's the worst that can happen? Is there considerable risk?