View Full Version : Custom User Titles??


corral
01-15-2006, 04:15 AM
On VB, what does each specific thing mean??
No:

Yes:

Yes, but not parsing HTML:


I can't understand it and the ACP help isn't helping me?? ID

Arielle
01-15-2006, 02:34 PM
No: No user title.
Yes: Has one, and it'll use the HTML
Yes, but not parsing HTML: Has one, but it won't use the HTML tags if you put them in.

Electron
01-26-2006, 11:39 AM
Is there any chance of misuse of HTML if HTML parsing is enabled?

Since there's a character limit, is it OK if this is allowed? Unless a malicious script to steal board cookies can be written in under 20 chars? :D Last time I checked, it should be much larger than that.

En-Cu-Kou
01-26-2006, 10:34 PM
You can at least cripple the page layout pretty badly (and easily) with 20 chars of HTML. I'm pretty sure a true malicious script/exploit include can be hacked down to 20 chars as well, but I'm not an expert on that.
Also, people with just a basic knowledge of HTML will probably not be able to cram anything too useful into 20 chars.
And yes, there's always a chance of misuse. The worst thing you can do is enable some security hole you only think can't be exploited, but haven't checked thoroughly.
(BTW, I'm pretty paranoid when it comes to this.... But they say it helps)

Electron
01-27-2006, 09:22 AM
Yeah, you're right. It's probably best left disabled for your average user.
However, in under 20 chars... the most I've been able to fit in is <marquee>M</marquee>
Even if someone wanted to put a "Date/time" script (or a malicious one) into their title, it would take at least 45 chars:
<script src="http://www.x.com/d.js"></script>
Using the shortest domain name I could think of "x.com" and an invented .js file "d".
But maybe if a huge table was created, it would be a problem. Ok, now I know.

bgtfamily
01-28-2006, 01:13 AM
Just make sure parsing HTML in custom user titles is only for your staff members... make sure it isn't for everyone, because you could be exploited, even if it is a small possibility...

En-Cu-Kou
01-28-2006, 04:44 PM
Something like "</table></table>" has high chances of messing up your layout....
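
Added example, not part of the thread and not vBulletin's own code: a sketch of the three title settings discussed above, showing that the 20-character limit still lets markup through in "Yes" mode while "Yes, but not parsing HTML" leaves no live tags. The mode names, the helper functions and the assumption that the limit is enforced by truncation are hypothetical; the sample titles are the ones quoted in the posts.

```python
from html import escape
from html.parser import HTMLParser

TITLE_MAX_LEN = 20  # limit mentioned in the thread; truncation is an assumption
MODES = ("no", "yes", "yes_no_html")  # hypothetical names for the three settings

# Titles quoted in the thread, both within the 20-character limit.
SAMPLE_TITLES = ["<marquee>M</marquee>", "</table></table>"]


class _TagCollector(HTMLParser):
    """Records every start/end tag an HTML parser finds in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append("<%s>" % tag)

    def handle_endtag(self, tag):
        self.tags.append("</%s>" % tag)


def render_user_title(title, mode):
    """Return the fragment written into the page for the chosen setting."""
    if mode not in MODES:
        raise ValueError("unknown mode: %r" % mode)
    if mode == "no":
        return ""  # no custom title is shown at all
    title = title[:TITLE_MAX_LEN]
    if mode == "yes":
        return title  # markup reaches the page unchanged
    return escape(title, quote=True)  # tags are shown as text, not interpreted


def live_tags(fragment):
    """List the tags that would be interpreted as markup in the fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for title in SAMPLE_TITLES:
        for mode in MODES:
            out = render_user_title(title, mode)
            print("%-12s %-22r -> %-30r live tags: %s" % (mode, title, out, live_tags(out)))
```

Running it prints one line per title and setting; any non-empty "live tags" list is markup the title injects into the surrounding page layout.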