Does tidy have an option to strip Javascript? There's a number of nasty exploits you can do if you can embed Javascript in a post, and it would be nice to prevent them.
Buffistas Building a Better Board
Do you have problems, concerns or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.
Do we even allow a t script tag? If so, it's easy to strip them out without tidy since we already do that with lots of other tags.
This may just be my browser, but starting here Jessica "Coffee On My Monitor" Oct 30, 2002 11:06:11 pm PST, there is a whitefont problem that goes on for a number of posts.
etbe more specific. Things go back to normal in post 656.
We only let a handful of tags through -- t script isn't one of them. Is there anywhere else it can be embedded?
I think I fixed it Lee. Please check since it wasn't a problem in my browser.
Tidy won't strip javascript, but the replacement t 's with their entity counterparts already disables in script.
Yep, that fixed it, Jon.
This may just be my browser, but starting here Jessica "Coffee On My Monitor" Oct 30, 2002 11:06:11 pm PST, there is a whitefont problem that goes on for a number of posts.
Wow, um, sorry! (Still, I'm impressed that it apparently went unnoticed for two years.)
The same thing happened in one of the threads the other day, Jessica. Because no one else mentioned it, despite there being an active conversation, I assume it was limited to people using Mac OS 10.3.6 and Safari 1.2.4, or in other words, me.
It also depends upon how many posts you are set to display at once.
I notice oddness often because I gather 100 posts at a time, and oddities stand out.