[pLog-svn] ugh. r6488 breaks our good old friends <, >, &lt; in post text

endless enigma endless_enigma at mail.ru
Sat Feb 21 21:00:59 EST 2009


I don't think having a checkbox is a good idea.
I like the bbcode idea though.

On Sun, 22 Feb 2009 02:07:44 +0100, Jon Daley <plogworld at jon.limedaley.com> wrote:

>  	I had an idea about this.  What do people think about having a  
> checkbox for plain text vs. HTML when commenting?  Then, if the person  
> chooses (the default) plain-text, then the filtering is easy, because we  
> can run html_entities() or whatever on everything.
>  	And then how stuff currently works would happen when the HTML box is  
> checked.
>  	I was also wondering about not doing HTML at all, but forcing a bbcode  
> or something other pseudo-HTML like that.
>
> On Tue, 17 Feb 2009, Jon Daley wrote:
>
>> No answer?  I'll just keep coding then.
>>
>> I'm having trouble with allowing HTML and a '<' in a comment.  I am not  
>> sure how to get the bad-code-filtering and the XHTML checker to allow  
>> it. Right now, '<' and '>' are removed, since they are bad HTML.  If we  
>> didn't allow HTML, but instead used a bbcode-variant, that would fix  
>> it, and then I could escape all HTML.
>>
>> On Fri, 13 Feb 2009, Jon Daley wrote:
>>
>>> 	I just noticed that due to the htmlDecode call in filterJavascript  
>>> for the postText, it (now, as of rev. 6488) converts &lt; to < (in  
>>> order to catch the tricky javascript coders) and then the < is removed  
>>> by the xhtmlize() call later.
>>> 	I first thought I could put a htmlentities() or htmlspecialchars() at  
>>> the end of filterJavascript(), but that causes all html entities to be  
>>> saved as non-html, i.e. all < are converted to &lt;
>>> 	Maybe we do need to switchover to a new filter?
>>> And, please check out the following bug, which is likely the same  
>>> issue as what I just found.  I see that no one has been testing  
>>> 1.2.9?  Are you all still using insecure versions of LT (i.e. 1.2.8 or  
>>> 2.0?)
>>>  http://bugs.lifetype.net/view.php?id=1579
>>>
>>
>>
>



-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
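The filter-ordering problem Jon describes in the quoted messages, modelled as an added example (Python, not LifeType's PHP; the tag whitelist, regexes and function bodies are my assumptions about what filterJavascript() and xhtmlize() do, not the project's code). It shows why a decode-entities-then-strip-stray-angle-brackets pipeline loses a user's `&lt;`, why escaping at the end of the first stage escapes the author's own HTML as well, and how the two alternatives raised in the thread (a plain-text mode, and a bbcode variant that escapes all HTML first) keep the literal `<` while still leaving no way to get a script or a `javascript:` link into the post. The sample inputs are constructed.

```python
import html
import re

# Constructed model of the post-text pipeline discussed in the thread.
# This is NOT LifeType's code: the tag whitelist, regexes and function
# bodies are assumptions that reproduce the behaviour Jon describes.
_ALLOWED_TAGS = {"a", "b", "i", "p", "em", "strong", "code"}
_TAG_RE = re.compile(r"</?([a-zA-Z][a-zA-Z0-9]*)(\s[^<>]*)?>")
_JS_SCHEME_RE = re.compile(r"javascript\s*:", re.IGNORECASE)
_ON_ATTR_RE = re.compile(r"\son\w+\s*=", re.IGNORECASE)


def filter_javascript(text: str) -> str:
    """Stage 1 (the r6488 behaviour): decode entities so an encoded
    'java&#115;cript:' becomes visible, then strip JS schemes and on* handlers."""
    decoded = html.unescape(text)
    decoded = _JS_SCHEME_RE.sub("", decoded)
    return _ON_ATTR_RE.sub(" ", decoded)


def xhtmlize(text: str) -> str:
    """Stage 2: keep whitelisted tags, drop every other '<' or '>'.
    A literal '<' that stage 1 just produced from '&lt;' is removed here."""
    out, pos = [], 0
    for m in _TAG_RE.finditer(text):
        out.append(text[pos:m.start()].replace("<", "").replace(">", ""))
        if m.group(1).lower() in _ALLOWED_TAGS:
            out.append(m.group(0))
        pos = m.end()
    out.append(text[pos:].replace("<", "").replace(">", ""))
    return "".join(out)


def html_mode(text: str) -> str:
    """The current HTML-allowed path: filterJavascript, then xhtmlize."""
    return xhtmlize(filter_javascript(text))


def filter_then_escape(text: str) -> str:
    """Jon's first attempt: htmlspecialchars() at the end of stage 1.
    Safe, but it also escapes the HTML the author meant to keep."""
    return html.escape(filter_javascript(text), quote=False)


def plain_mode(text: str) -> str:
    """The 'plain text' checkbox: escape everything, treat nothing as HTML."""
    return html.escape(text, quote=True)


_BB_SIMPLE = {"b": "strong", "i": "em", "code": "code"}
_BB_URL_RE = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]",
                        re.DOTALL | re.IGNORECASE)
_SAFE_SCHEME_RE = re.compile(r"https?://", re.IGNORECASE)


def bbcode_mode(text: str) -> str:
    """The bbcode alternative: escape all HTML first, then translate a
    small bbcode vocabulary into tags the server itself generates."""
    escaped = html.escape(text, quote=True)
    for bb, tag in _BB_SIMPLE.items():
        pattern = r"\[%s\](.*?)\[/%s\]" % (bb, bb)
        escaped = re.sub(pattern, r"<%s>\1</%s>" % (tag, tag), escaped,
                         flags=re.DOTALL | re.IGNORECASE)

    def _link(m):
        target = m.group(1)
        if not _SAFE_SCHEME_RE.match(target):   # rejects javascript:, data:, ...
            return m.group(2)                   # keep the text, drop the link
        return '<a href="%s">%s</a>' % (target, m.group(2))

    return _BB_URL_RE.sub(_link, escaped)


if __name__ == "__main__":
    # Constructed comment text, not taken from any real post.
    sample = "1 &lt; 2 and <b>bold</b> [b]bbbold[/b]"
    for fn in (html_mode, filter_then_escape, plain_mode, bbcode_mode):
        print(fn.__name__, repr(fn(sample)))
    print(html_mode('<a href="java&#115;cript:alert(1)">x</a>'))
    print(bbcode_mode("[url=javascript:alert(1)]click[/url]"))
```

Running it shows `html_mode` turning `1 &lt; 2` into `1  2` (the bug in the subject line), `filter_then_escape` turning `<b>` into `&lt;b&gt;`, and both `plain_mode` and `bbcode_mode` keeping `&lt;` as the characters the user typed while the `javascript:` link is dropped.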