Ok, this is not actually a problem, but I would like to understand it.. At my company we have an intranet site, plain html. This site has a html forum as well. When I write in the textarea I can use html tags to change the text's appearance/design. I can even use local css inside the tags and it is working. However when I try to add the following javascript tag:

<script type ="text/javascript>
alert("this is a test");
</script>

...nothing happens. Of course I am not the programmer/webmaster of the forum, I am just simple user. So my questions are:

1. Why can I use html tags (div, span, ect.) and cannot use the script tag? Why is one working and the other not?

2. Isn't this a fault of the webmaster that I can use html/css inside the forum page (this way having the possibility to mess up the design of the page : like inserting big squares/text or whatever)? (Do not missunderstand me I have no intention to do it, but still there is the possibility)

3. Shouldn't he use validation (using javascript) of the textarea before the message is saved/stored?

As I am very new into html/css/javascript I am just very curious how and why things happen!

Thank you in advance for your replies!

Probably javascript is disallowed for security reasons. That's normal as well as allowing only a small range of HTML tags. The most usual is probably that no HTML is allowed and people have to use whatever formatting features the forum offers, as is the case here.

That's not really necessary, and would of course take more time to create. The important thing is that messagea are checked/sanitized by the server-side script (which appears to be the case).

"Probably javascript is disallowed for security reasons."

How can javascript be disallowed? Is there a code which disallows it? Is it disallowed on the client-side (html) or on the server side? Can I view the disallowing code in the source?

Sorry for so many questions, but I want to learn.

The validation you talked about. PHP will remove or change not allowed stuff.