Posted to community@apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 2004/02/09 11:19:45 UTC

planet aggregation doing some editing?

so, how come the aggregator is stripping out 'style=""' attributes?
it turned '<span style="border: 1px solid;">' into '<span>', which
caused some confusion for someone trying to follow something in one
of my entries..
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"Millennium hand and shrimp!"



---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org


Re: planet aggregation doing some editing?

Posted by Thom May <th...@planetarytramp.net>.
* Leo Simons (leosimons@apache.org) wrote :
> Thom May wrote:
> >malicious users
> 
> huh? Who would that be?
> 
planet is a generic codebase, not necessarily just used for trusted lists of
people.
:-)
-T



Re: planet aggregation doing some editing?

Posted by Brian McCallister <mc...@forthillcompany.com>.
Probably them DB people. Sketchy crowd ;-)

-Brian

On Feb 9, 2004, at 5:20 PM, Leo Simons wrote:

> Thom May wrote:
>> malicious users
>
> huh? Who would that be?
>
> -- 
> cheers,
>
> - Leo Simons
>
> -----------------------------------------------------------------------
> Weblog              -- http://leosimons.com/
> IoC Component Glue  -- http://jicarilla.org/
> Articles & Opinions -- http://articles.leosimons.com/
> -----------------------------------------------------------------------
> "We started off trying to set up a small anarchist community, but
>  people wouldn't obey the rules."
>                                                         -- Alan Bennett
>
>





Re: planet aggregation doing some editing?

Posted by Leo Simons <le...@apache.org>.
Thom May wrote:
> malicious users

huh? Who would that be?

-- 
cheers,

- Leo Simons

-----------------------------------------------------------------------
Weblog              -- http://leosimons.com/
IoC Component Glue  -- http://jicarilla.org/
Articles & Opinions -- http://articles.leosimons.com/
-----------------------------------------------------------------------
"We started off trying to set up a small anarchist community, but
  people wouldn't obey the rules."
                                                         -- Alan Bennett




Re: planet aggregation doing some editing?

Posted by Stefano Mazzocchi <st...@apache.org>.
On 9 Feb 2004, at 10:04, Brian McCallister wrote:

> On Feb 9, 2004, at 9:50 AM, Rodent of Unusual Size wrote:
>>
>> the style attribute is dangerous?
>>
>
> absolute positioning, maybe.

with color.

I remember somebody (norman walsh?) showing how you can change the 
meaning of a page by injecting style that could color words in a 
sentence white on a white background, then rearrange the words around 
and make it look like a totally different sentence.

pretty clever hack and for sure not that portable with current state of 
CSS selectors support, but in the future, well, that's something to be 
really concerned about in general.

but for this particular case, style is no danger since it's embedded 
and comes from the same source.

--
Stefano.
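
The trade-off discussed in this thread, as an added example (not Planet's code and not from any poster): rather than dropping the whole `style` attribute, a sanitizer can keep only allow-listed declarations, so the `border` from the original entry survives while color and positioning are removed. The tag and property lists, and the names `filter_style` and `sanitize`, are assumptions chosen for illustration.

```python
# Added example: allow-list filter for inline style attributes.
import re
from html import escape
from html.parser import HTMLParser

# Assumption: properties that cannot hide or reposition text.
SAFE_PROPS = {"border", "font-weight", "font-style", "text-decoration", "padding"}
# Assumption: tags a feed entry may keep; anything else is dropped.
SAFE_TAGS = {"span", "p", "b", "i", "em", "strong"}
# Reject values that reference resources or carry escapes/comments.
BAD_VALUE = re.compile(r"url\s*\(|expression\s*\(|[\\<>@]|/\*", re.I)

def filter_style(style):
    """Return only the declarations whose property is allow-listed."""
    kept = []
    for decl in style.split(";"):
        prop, sep, value = decl.partition(":")
        prop, value = prop.strip().lower(), value.strip()
        if sep and prop in SAFE_PROPS and value and not BAD_VALUE.search(value):
            kept.append(f"{prop}: {value}")
    return "; ".join(kept)

class EntrySanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in SAFE_TAGS:
            return  # drop the tag itself; its text is still emitted, escaped
        style = filter_style(dict(attrs).get("style") or "")
        attr = f' style="{escape(style)}"' if style else ""
        self.out.append(f"<{tag}{attr}>")  # all other attributes are discarded

    def handle_endtag(self, tag):
        if tag in SAFE_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html):
    parser = EntrySanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```
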




Re: planet aggregation doing some editing?

Posted by Brian McCallister <mc...@forthillcompany.com>.
On Feb 9, 2004, at 9:50 AM, Rodent of Unusual Size wrote:
>
> the style attribute is dangerous?
>

absolute positioning, maybe.

-Brian





Re: planet aggregation doing some editing?

Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Thom May wrote:

> it strips all tags that might allow malicious users to insert problematic
> code.

the style attribute is dangerous?
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"Millennium hand and shrimp!"




Re: planet aggregation doing some editing?

Posted by Thom May <th...@planetarytramp.net>.
* Rodent of Unusual Size (Ken.Coar@Golux.Com) wrote :
> so, how come the aggregator is stripping out 'style=""' attributes?
> it turned '<span style="border: 1px solid;">' into '<span>', which
> caused some confusion for someone trying to follow something in one
> of my entries..
it strips all tags that might allow malicious users to insert problematic
code.
-T
