It's a CSS test.

hlb · August 2005

body {display:none;}

the page should be disappear.

hlb · August 2005

should we have a HTML filter? :)

Mark · August 2005

The html formatter is an optional feature of Vanilla. There are plenty of other, safer formatting options available for Vanilla if you don't want to enable users to possibly wreck forum pages. On this forum I allow the html formatter so that people can post some more advanced information. If people mess up this community forum, I punish them. So, welcome to the douchebag role :)

Hexus · August 2005

I think the strip_tags PHP function may be worth looking into. It would be able to prevent users from doing anything malicious with javascript or the like. Normal HTML elements like "a", "p", etc. could still be allowed.

Mark · August 2005

You are missing the point: All of this has been accounted for. Try to do some javascript and you'll see what I mean.

Mark · August 2005

Okay, for those who are new and haven't bothered to read any of the documentation or install vanilla or really get to know how it all works, I'll spell it out for you:

Discussion comments can be formatted in many ways in Vanilla. The default installation only has a single formatter available: Text (see the little "Text" radio at the bottom of the comment form?). Other formatters are available in the form of extensions. Two extra formatters available here on this installation of Vanilla are Html and Markdown. I've seen a ton of other formatters that have come out since Vanilla was launched. Some are simple and neat like Textile, others are completely custom to particular forums.

Three formatters I've written personally are the Text formatter, the Html formatter, and the Raw Html formatter.

The Text formatter only allows plain text - all html characters are converted to their entity equivalents.

The Html formatter allows all html, but absolutely no javascript to be posted.

The Raw Html formatter allows absolutely anything to be posted, including javascript.

Now, remember that the ONLY formatter that comes installed with Vanilla is the text formatter. The Html formatter should only be used on forums where your users are html savvy and won't mess up your pages by fudging the elements or adding wonky css. The Raw Html formatter should absolutely only ever be used on forums where it is a very small community and you trust your members implicitly. For example, a small group of developers may install Vanilla and want the Raw Html formatter enabled while they discuss application development.

The point of the formatters is to enable and use based on the requirements of the vanilla installation. The Html and Markdown formatters, for example, would not be a good choice for a "Pop Music" discussion forum, wherease a BBCode formatter would probably go over quite well.

End of discussion.

hlb · August 2005

Ah, so I become a douchebag :~( I think that there are some learning curves in markdown & textile, and it is strange to allow user put javascript tag or global css style definitions in the comments. :-/

Mark · August 2005

For the last time, you do not have the ability to put javascript in your comments on this forum. Just go ahead and try.

ChrisGwynne · August 2005

javascript:void(window.g_sDisableWGACheck='all')

ChrisGwynne · August 2005

Can we get syntax highlighting?

Mark · August 2005

*kills Chris Gwynne* :P

Minisweeper · August 2005

Chris i do believe lech was actually working on that?

lech · August 2005

I'm working on it! As soon as I can get it to properly identify <code> </code> tags, this bitch is done! I've been a little lazy lately so you'll have to wait until my brain says "ok i can do this now!" :D

It's a CSS test.

Comments