Currently is someone is able to hack into one your of moderator accounts they could use it to launch a XSS assack since they could select the option to use HTML in announcements.
To fix this open modcp/announcement.php
Change
to
All you are doing is commenting it out. You will need to do this each time you upload a new version of vbulletin.
To fix this open modcp/announcement.php
Change
PHP:
print_yes_no_row($vbphrase['allow_html'], 'announcementoptions[allowhtml]', ($announcement['announcementoptions'] & $vbulletin->bf_misc_announcementoptions['allowhtml'] ? 1 : 0));
to
PHP:
//print_yes_no_row($vbphrase['allow_html'], 'announcementoptions[allowhtml]', ($announcement['announcementoptions'] & $vbulletin->bf_misc_announcementoptions['allowhtml'] ? 1 : 0));
All you are doing is commenting it out. You will need to do this each time you upload a new version of vbulletin.