|
- Importing graphics is not (yet) allowed. It's inevitable though.
- Positioning is verboten. It allows all sorts of messing up and general sneakiness.
- No form elements for about a billion reasons
- Yeah. Let's not even go there. (In fact XSS is the reason for the major revamp of our filtering)
cheers
Chris Maunder
|
|
|
|
|
Actually - just the plain styles (which you did) cover almost everything I would do. Thanks!
After you mentioned it, I realize how much fun one could have adding their own text to places it ought not go. Mainly I was looking for the (now restored) the colors and shading.
Images =>troll => Uh-Oh image at work => Uh Oh. Maybe, unless any file with an image reference goes to the is-it-spam-box holding cue. And, of course, once posted and if it's an off-CP-site reference, then the image could be replaced by the user with an overlay of the original safe image any time thereafter. I'd love to see how this can be solved without having to upload the images to a CP PetaByte storage area.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Exactly.
However, storage is cheap so we could store on our servers easily and moderate once.
We allow images in articles, so there's a precedent. Not having them in forums is nice since it means they are readable and not prone to massive image dumps (and MB downloads) you see in other forums.
cheers
Chris Maunder
|
|
|
|
|
I can't see any checkboxes out on my settings page...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Your account seems fine. Have you checked spam filters?
cheers
Chris Maunder
|
|
|
|
|
Nothing caught in the spam... As always, I wasn't active on weekend so the only notifications I missed was about this post: The Lounge[^]
Now what is really interesting that all notifications arrived immediately after your answer here...
It may be something about gmail...
In any case, thank you for checking...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Codes like :laugh: no longer seem to generate
Is this by design?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
They've been removed.
QA is serious business. Very serious. There shall be no smiling allowed.
(You think it's worth bringing back?)
cheers
Chris Maunder
|
|
|
|
|
Chris Maunder wrote: You think it's worth bringing back?
What, QA? Well, there are times when...
Oh. Right. See what you mean. Smileys. Right.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
|
Are you sure there was ever any code in that question? Looking at the revision history[^], I can't see any.
And it's not just that he forgot to HTML-encode his XML; there's nothing in the source of the page either.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Are you sure that OP didn't try to paste a code?
As i mentioned, i've struggled the same yestaerday.
|
|
|
|
|
Maybe it was related to yesterday's interesting deployment[^]?
It doesn't seem to be affecting new questions in QA, so if it was a bug, it looks like it's fixed already.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Maciej Los wrote: i've struggled the same yestaerday
What specifically wasn't working? Do you have an example I can test against?
cheers
Chris Maunder
|
|
|
|
|
Well... As i mentioned, using <pre></pre> tags causes embedded text deletion. Follow the link provided in a previous post.
For example, a result 1 should contain all nodes between <Types></Types> tags, but is has been cutted to:<Type>part of content here</ObjectType> . Note, that when i use "Improve answer" widget i see entire content! Another issue is that that a lang property for pre tag is missing. Whenever i tried to add this in pre tag, it has been removed. It should be: <pre lang="XML"></pre>
Is it clear now?
|
|
|
|
|
Maciej Los wrote: Follow the link provided in a previous post
I saw that and there's a question as to whether the poster actually included code, or whether they included code as actual HTML instead of HTML encoding it (HTML code within PRE blocks automatically gets HTML encoded, so I'm guessing it was the former)
<html>
<p>This should all be encoded.</p>
</html>
I just noticed you added a link to another instance of tags being removed. I added "lang=xml" to that block and everything's now fine. However, I've added that code as a test case because it's the colouriser that's killing it, not the HTML cleaner. We'll get this fixed.
Maciej Los wrote: Another issue is that that a lang property for pre tag is missing
That's just been fixed.
cheers
Chris Maunder
|
|
|
|
|
Thank you, Chris.
Cheers,
Maciej
|
|
|
|
|
At a guess what may be happening is the person pasted in XML without HTML encoding it, and it was stripped. I'd have to check.
Pasted in HTML/XML is meant to be HTML encoded if inside a PRE block, but the code has changed a lot over the last week in order to crank up security. We've previously been fairly loose about what we allow, but we can't do that anymore so we've been erring on the side of caution.
I'll add this as a bug to check and if my guess is true it should be a simple fix.
In the meantime: encode your HTML when pasting in code blocks
cheers
Chris Maunder
|
|
|
|
|
Check my answer to your previous post.
|
|
|
|
|
Is it just me or did the Lounge suddenly turn black?
It's not possible to post anything there either, apparently...
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- I'd just like a chance to prove that money can't make me happy. Me, all the time
|
|
|
|
|
Forget it, now it seems back to normal (don't know if posting is possible again, though)
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- I'd just like a chance to prove that money can't make me happy. Me, all the time
|
|
|
|
|
I think it's related to this: Chris: The Lounge[^]
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
It claims to leave my html alone, but that's not actually the case.
It's turning "<br/><br/> " into "<br/> "
".45 ACP - because shooting twice is just silly" - JSOP, 2010
- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
modified 21-Sep-16 12:51pm.
|
|
|
|
|
I've edited your message in an attempt to correct your HTML. Initially I was staring at it sideways and could not work out what was meant to be happening. Let me know if my corrections are correct.
As to expert mode, that needs revamping. It was initially a setting for when we used HTMLArea and it helped fix up some of the crazy stuff that was allowed through. With the move to CKEditor and our use of AngleSharp, all HTML is now forced to be well-formed.
We force well-formedness (that's a new word - feel free to use it in a sentence today) because anything else allows HTML injection issues, content bleeding, and general page screwiness.
The alternative is we switch to Markdown with HTML turned off completely, but that would make my curl up into the foetal position and weep.
So: if I get this right, multiple BR tags get converted to single BR's with a non-breaking space afterwards? That's an odd one.
cheers
Chris Maunder
|
|
|
|
|
I assume the options for Profile Popups, Spacing, Layout, Per Page are stored in a cookie. It would be nice if that information got stored in your profile so that any browser/machine combination you used would all show the same way.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|