reBB Documentation

Contents

Security & Verification

reBB includes several security features designed to protect both form creators and users. This guide explains these security measures, what they mean for you, and how to create secure forms.

Security Features Overview

reBB implements multiple layers of security:

  1. Input Validation: Sanitizing form input to prevent malicious code
  2. Sensitive Information Detection: Warning users about forms that collect sensitive data
  3. JavaScript Security Scanning: Identifying potentially dangerous code
  4. User Confirmation Mechanism: Requiring explicit approval for risky forms
  5. Form Verification System: Admin review process for trusted forms

Understanding Security Warnings

Sensitive Information Warnings

When using a form, you might see a warning banner like this:

Warning: This form appears to be requesting sensitive information such as passwords or passcodes. For your security, please do not enter your personal passwords or passcodes into this form unless you are absolutely certain it is legitimate and secure. Be cautious of phishing attempts.

This appears when reBB detects:

  • Fields with names containing "password", "pin", "secret", etc.
  • Form components that appear designed to collect sensitive data

JavaScript Security Warnings

For forms with potentially risky JavaScript, users will see a more prominent warning:

Security Warning

This form contains potentially dangerous JavaScript code that could pose security risks:

  • [List of specific detected risks]

Loading forms with such code may put your personal information at risk or compromise your browser security.

[I understand the risks, load anyway] [Return to safety]

This appears when reBB detects JavaScript patterns like:

  • Executable code functions (eval, setTimeout, etc.)
  • DOM manipulation (innerHTML, document.write)
  • Network requests (fetch, XMLHttpRequest)
  • Storage manipulation (localStorage, cookies)
  • Navigation manipulation (window.location, window.open)

Using JavaScript Responsibly

When you do need JavaScript:

  1. Keep it focused on the specific functionality needed
  2. Comment your code to explain what it does
  3. Use the most straightforward approach
  4. Test thoroughly to ensure it works as expected
  5. Consider requesting form verification for widely used forms

Verification Process

Verified forms are forms that have been reviewed and approved by admins. These forms display a special "Verified" badge in the top-right corner, indicating to users that the form is trustworthy and safe to use.

When a form is verified, it receives several important benefits:

  • Security Bypass: Verified forms bypass the standard JavaScript security checks and sensitive information warnings that might otherwise be triggered
  • Trust Indicator: The verification badge helps users know that a form has been reviewed by administrators

If you've created a form that you'd like to have verified, simply fill out the form verification request.

The verification process typically takes 1-3 days. You'll be notified on Discord when your form has been reviewed.

Security FAQs

"Why does my form show a security warning?"

Your form contains patterns that match potential security risks. This doesn't mean your form is harmful, just that it contains code that could potentially be misused.

"How can I bypass the security warnings for my form?"

The proper way is to request verification for legitimate forms, not to try circumventing the security system. If your form serves a legitimate purpose, the verification process is the best approach.

"Do security warnings mean a form is dangerous?"

Not necessarily. They mean the form contains elements that could be used maliciously. Many legitimate forms trigger warnings because they use advanced features for helpful purposes.

"Why does reBB allow potentially risky JavaScript at all?"

JavaScript enables powerful functionality that many legitimate form creators need. Rather than blocking these capabilities entirely, reBB implements a warning system to help users make informed decisions.

"How can I report a suspicious form?"

If you encounter a form you believe is malicious, contact the reBB administrators with the form URL and details about your concerns.