Can you also please tell me about iframe. I have read that if i use iframe then my forum can be hacked by using js attack
the problem is not so much when you use it, but when you allow any random person to create them on your forums by way of "allow posts using HTML" to all users. This is disabled by default and there are a few measures in place that help protect you. But ultimately, if you allow others to post pure HTML code in your forums, you're also allowing them access to build pages inside your pages.
