
graffiti post can vandalize page... (of course)

edited November 2007 in Vanilla 1.0 Help
a hopefully-somewhat-amusing demo: would this be considered an issue?

(edit: OK, hardly news: here's a graffiti demo from Chuyskywalker, & SirNot explaining why it's not seen as an issue (and how to prevent it by disallowing in-line style if you want to); one from Jstripe, and a thread on the topic.) But mine is big and moves! keywords: vandal, vandals, vandalize, vandalism

Comments

  • edited November 2007
    it is an issue with the html formatter (maybe just the settings on this forum).

    Mark is confident we won't abuse the html formatter feature.
  • edited November 2007
    another thing to note is that CommentBODY isn't cleared properly so if you float an image in the comment it will break the layout.
    align=left for img tag is float left. people might use it and won't know why the layout breaks
  • edited November 2007
    You can use something like http://htmlpurifier.org/ if you need more control and still want to use html.
  • edited November 2007
    line height not like font
    line ht set = font
    Since you mention it, MSB, here's that plus another thing - line height not following font. Edit: easily fixed by adding line-height to style
  • NickE
    edited November 2007
    well, as I said earlier, you can disable inline styling in the extension if you don't want people screwing up your layout (the image alignment thing isn't really the fault of the formatter, that's more to do with the styling of the forum). I suppose I could also add something to disallow certain attributes -- maybe even add an option to use a whitelist (like kses, htmlpurifier) instead of a 'blacklist' approach -- if you really wanted.
  • edited November 2007
    Sirnot, Me no complain about the formatter, just mentioning that CommentBody isn't cleared, so it's a vanilla problem. Integrating html purifier would be great. Another thing being that if people switch the formatters from htmlformatter to fckeditor, it should work both ways (new fckeditor coming does everything via classes, no inline styling allowed). A common filter list that all formatters can use will be great. Looks like HTML purifier is being kept up to date; kses seems to be dead, and cannot validate content inside attributes. Reading the comparison between other filters at http://htmlpurifier.org/comparison.html, these guys are very thorough.
  • edited November 2007
    Don't mind me SirNot - just bumbling through the usual noob epiphanies. "Hey - I can put stuff anywhere on the page!"

    The switches you've put in sound ideal.
  • so are we going to fix the proper clearing of the CommentBody or leave it be
  • I think we need more examples of Jessica (and maybe her puppies) to help us decide?

    Posted: Tuesday, 20 November 2007 at 6:37AM

  • How would you fix it? Where would you add the clear rule?
  • don't look at me, i haven't had any luck clearing it properly, especially since the panel is floated as well, so clearing CommentBody clears the panel as well
  • Hacker me says add a few line breaks after it <br> <br>

    That's what I did when it happened to me

    Posted: Wednesday, 21 November 2007 at 6:20AM

  • /me ponders a moment and realizes he has nothing constructive to add. First thought would be to make the element following the float equal height of the float... but that doesn't really fix anything. Maybe add float to the blacklist.
This discussion has been closed.
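
The whitelist approach raised in the thread (keep only listed tags and attributes, so inline `style` and `align` cannot restyle or break the page) can be sketched as follows. This is an added example, not part of the discussion and not code from Vanilla or the HtmlFormatter extension; it uses Python for illustration rather than Vanilla's PHP, and the tag list and the names `ALLOWED`, `CommentFilter` and `filter_comment` are assumptions.

```python
# Added example: allowlist filter for comment HTML. All names are hypothetical.
from html import escape
from html.parser import HTMLParser

# Tag -> attributes permitted on it. Anything not listed is dropped, so
# "style", "align" and "class" never have to be enumerated on a blacklist.
ALLOWED = {
    "a": {"href"}, "img": {"src", "alt"}, "b": set(), "i": set(),
    "em": set(), "strong": set(), "p": set(), "br": set(),
    "blockquote": set(), "code": set(),
}
VOID = {"img", "br"}  # tags that take no closing tag


def url_ok(value):
    # Attribute *content* is checked too: absolute http(s) URLs only.
    return value.strip().lower().startswith(("http://", "https://"))


class CommentFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []  # dropped: (tag, attr) for mod logs

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append((tag, None))  # tag removed, its text is kept
            return
        kept = ""
        for name, value in attrs:
            value = value or ""
            # "alt" is free text; the other allowed attributes are URLs.
            if name in ALLOWED[tag] and (name == "alt" or url_ok(value)):
                kept += f' {name}="{escape(value, quote=True)}"'
            else:
                self.dropped.append((tag, name))
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def filter_comment(html):
    f = CommentFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.dropped
```

`filter_comment` returns the cleaned markup together with the list of removed tags and attributes, so a forum could log what a post tried to use.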