I built an information system where users have their own profiles, which they can freely edit themselves. One of the fields, a sort of "biography", allows the user to write about themselves. To make it simple and easy, it allows you to use many standard BBcodes (bolding, images, etc). Back-end coding strips out anything unauthorized (ie, HTML tags).

A user has come forward, wanting to know if they could put a Java applet in their profile. Frankly, I don't care. But I have not had much experience working with java applets, and have the question: Is it safe to allow users to 'embed' their own java applets? (by safe, I mean: will not affect the system, will not affect other users viewing it)

I just want to be certain it can't be used by a malicious user to exploit others.

Thanks!

sorry if this is the wrong category, wasn't sure whether to put it in HTML or JavaScript