When you choose to "Allow Arbitrary HTML," Discus does no screening at all of the messages typed in by visitors to your board. This allows them to write
JavaScript to annoy your users, use META redirects to "hijack" your page, and to post malformed HTML (for example, tags that are never closed). Additionally, since Discus formatting tags are
not interpreted in this mode, you lose the ability for image upload and the smart conversion of newlines to line breaks.
Example 1: User posts: Hello, Jim. <H1>Some big text
You see: Hello, Jim. followed by "Some big text" rendered as a heading. Since this user did not close the <H1> tag, the rest of the text on the page following his post is displayed in very large letters. As you
can imagine, it would get quite annoying to read! Because we want you to read the rest of this document, we will close the tag here...
Example 2: User posts: Hello, Jim. <META HTTP-EQUIV="refresh" CONTENT="1; url=http://www.someXXXpornsite.com">
You see: Hello, Jim. (And in 1 second, you are redirected to a site that you may well not have wanted to visit.)
A particularly creative user could do many nasty tricks with JavaScript or style sheets, like open new windows, change colors on the page, or even crash some
browsers. We hope that these few examples of the abuse potential for this option have convinced you not to use it unless only you, or you and a set of very trusted
users, will be using your discussion board.
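The alternative to allowing arbitrary HTML is to screen posts on the server. The filter below is an added example, not Discus's own code: it keeps a small assumed allowlist of formatting tags, shows every other tag (including <H1> and <META>) as plain text, closes any tag the poster left open, and restores the newline-to-line-break conversion described above.

```python
# Added example (not Discus code): a server-side post filter.
from html import escape
from html.parser import HTMLParser

ALLOWED = {"b", "i", "em", "strong", "u"}  # assumed allowlist; no script/style/meta
VOID = {"br"}                              # allowed tags that never need closing


class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            self.out.append("<br>")
        elif tag in ALLOWED:
            self.out.append(f"<{tag}>")     # attributes are dropped on purpose
            self.open_tags.append(tag)
        else:                               # H1, META, SCRIPT, ... become visible text
            self.out.append(escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            # close everything opened after it so the tree stays balanced
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break
        elif tag not in VOID:
            self.out.append(escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data))

    def result(self):
        while self.open_tags:               # close whatever the poster forgot
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out).replace("\n", "<br>\n")


def sanitize_post(text):
    p = PostSanitizer()
    p.feed(text)
    p.close()
    return p.result()
```

Run on the two posts from the examples above, the filter returns them as harmless text (the unclosed H1 and the META refresh are both escaped), while a post such as `<b>bold` comes back as `<b>bold</b>`.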