From: Iain S. <iai...@ya...> - 2001-04-02 20:05:12
At 12:56 AM 4/1/2001 -0500, Todd L. Miller wrote:
> Should be ready to rumble, except for the high-speed edit refusal
> stuff. I've modified the WikiRenderer to replace <script> tags with
> &lt;script&gt;, so as to prevent 'malicious' (sp?) HTML. (If there's other
> stuff that should be disallowed, or if only certain tags should be
> allowed, please weigh in.) I haven't re-imported the files from
> metamech, pending a review. :)

Cool. It looks great. Let's polish up the look and feel (as per the other email I just sent).

I was also wondering if we shouldn't go the other way when it comes to allowing HTML. Unless the HTML is explicitly allowed, it's filtered out (the brackets turned to &lt; and &gt;). Then we can create a list of allowed HTML that we're pretty sure is safe and not have to worry if we missed adding something crucial. So table, font, etc. may be allowed. It's a little more work as we'll have to create a list for the parser to parse, but it also gives us better control/security. And we can start with a really small list, and slowly add tags when people complain (and they can justify why it's needed and safe).

I prefer this approach because it's safer, and will hopefully encourage people to use wiki tags instead of HTML (there should be no reason to need bold tag support, for example, because wiki tags support this).

my 2 cents at least

-iain
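The allowlist filter Iain proposes, as an added example that is not code from the thread or from the WikiRenderer project: every tag not on an explicit list is escaped to `&lt;...&gt;` so it shows up as literal text, and only listed attributes survive on the tags that are allowed. The tag and attribute lists here are constructed for illustration (table and font are the candidates the email names; bold is left out because the wiki has its own syntax).

```python
"""Allowlist-based HTML filter (example code, not the project's own).

Tags that are not explicitly allowed are escaped rather than rendered,
so a typo or an unlisted tag fails closed instead of failing open.
"""
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for this example; a real deployment starts small
# and grows only when a tag is both needed and reviewed.
ALLOWED_TAGS = {"table", "tr", "td", "th", "font"}
# Attributes permitted per tag (constructed). Event handlers such as
# onclick, and anything else not listed, are dropped from allowed tags.
ALLOWED_ATTRS = {
    "table": {"border"},
    "td": {"colspan"},
    "font": {"size"},
}


class AllowlistFilter(HTMLParser):
    """Rewrites HTML so that only allowlisted tags/attributes render."""

    def __init__(self):
        # convert_charrefs=False so existing entities pass through unchanged
        super().__init__(convert_charrefs=False)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            permitted = ALLOWED_ATTRS.get(tag, set())
            kept = [(k, v) for k, v in attrs if k in permitted]
            attr_text = "".join(
                f' {k}="{escape(v or "", quote=True)}"' for k, v in kept
            )
            self.out.append(f"<{tag}{attr_text}>")
        else:
            # Unknown tag: emit its raw text escaped so the reader sees it literally
            self.out.append(escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
        else:
            self.out.append(escape(f"</{tag}>"))

    def handle_data(self, data):
        # Text content is always escaped; this also covers <script> bodies
        self.out.append(escape(data))

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(escape(f"<!--{data}-->"))

    def handle_decl(self, decl):
        self.out.append(escape(f"<!{decl}>"))

    def handle_pi(self, data):
        self.out.append(escape(f"<?{data}>"))


def filter_html(text):
    """Return `text` with only allowlisted HTML left renderable."""
    parser = AllowlistFilter()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(filter_html("<table border=1 onclick=x><tr><td>cell</td></tr></table>"))
    print(filter_html("<b>bold</b> and <script>alert(1)</script>"))
```

Because the parser rebuilds each allowed tag from its name and the filtered attribute list, nothing from the original tag text reaches the output except values that were explicitly permitted, which is what makes the list safe to grow one tag at a time.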