Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Filtering of homenode html ON by default

by jdporter (Paladin)
on Apr 16, 2008 at 16:22 UTC ( [id://680851]=monkdiscuss: print w/replies, xml ) Need Help??

Following up to this subthread of another PMD, some people (myself included) feel that filtering HTML of homenodes should be on by default. This is a fairly major change, so its visibility should be maximized before it happens. As ysth said, this change "would need to be well advertised. But there's no point in doing so until someone steps forward to do the work." Well, I've done the work (two patches, not yet applied), so now I'm doing the advertising.

Note well, ye monks: This change will immediately revert all users to having homenode HTML filtering on. If you then decide you want to open up the filter to allow CSS, images, etc, then you can set the flag to allow this. A new checkbox will appear in your User Settings, replacing the one which currently says "Filter HTML of monks' homenodes".

Update: What gets filtered, you ask? The essential effect of this change is to invert the meaning of the "filter html" flag — the one currently labeled "Filter HTML of monks' homenodes" in User Settings. Instead of checking the checkbox to turn on filtering, you'd check it to turn off filtering. Among other things, this means that Anonymous Monk will have filtering on instead of off, and new users will have filtering on by default. But technically, under the hood, the change is being implemented with a new flag, which will initially be unset for all monks. And unset means off. To see what HTML gets filtered, see the existing FAQ, Filter HTML of monks' homenodes.

A word spoken in Mind will reach its own level, in the objective world, by its own weight

Replies are listed 'Best First'.
Re: Filtering of homenode html ON by default
by moritz (Cardinal) on Apr 16, 2008 at 16:26 UTC
    ++ for both the work and the announcement.

    I had a bad feeling about deliberately allowing cross site scripting attack ;-) so I welcome the change.

Re: Filtering of homenode html ON by default
by ysth (Canon) on Apr 17, 2008 at 06:36 UTC
    jdporter's patches to add and use the new user setting have been applied. The site documentation will catch up eventually.

    Note that the ability to disable filtering is likely a short-term option.

      Thanks, ysth! And thanks for announcing the change in Tidings.

      The site documentation will catch up eventually.

      In fact, I had already written the new text for Help for User Settings; all I had to do was uncomment it. :-)

      A word spoken in Mind will reach its own level, in the objective world, by its own weight
Re: Filtering of homenode html ON by default
by holli (Abbot) on Apr 16, 2008 at 18:16 UTC
    I think it would help if you would briefly mention what exactly would get filtered out. Just to prevent the server from collapsing of people super searching for that ;-)


    holli, /regexed monk/

      Yeah, good idea, have to link that here. Perl Monks Approved HTML tags gives all the details. This means you can't have forms, so no homenode buttons that talk on the chatterbox.

        No, homenodes are not filtered the same as other nodes (the list of allowed items is different; I don't have a pointer to that list handy). Last I looked, forms are allowed (several useful forms are on homenodes that don't chat annoying repetitions of phrases).

        - tye        

Re: Filtering of homenode html ON by default
by Argel (Prior) on Apr 16, 2008 at 20:55 UTC
      ++

    Given the current state of the Internet I think it's only a matter of time before it has to be done. Kudos for being proactive instead of waiting for disaster to strike!

Re: Filtering of homenode html ON by default
by alexm (Chaplain) on Apr 17, 2008 at 09:25 UTC

      This sounds like a good and well-needed change. However, I think it might have been implemented slightly differently. In my experience, negative options eventually lead to confusion. Couldn't the option have been left as "Filter HTML...", and the default be checked on?

      There are several other options that should be reversed in sense, and become:

      • Forced Preview
      • Hints On
      • Enable full JavaScript on homenodes
      • Navigation menu under title bar
      • April Foolery

      This avoids having awkward questions like "Did you turn off 'Turn Hints Off'?", or, "Did you enable 'disable some javascript?'".

      sas
Re: Filtering of homenode html ON by default
by tinita (Parson) on Apr 17, 2008 at 08:27 UTC
    thank you. i was always hoping for something like this. (although i'd prefer a different markup language than html-like, but that's another story)
Re: Filtering of homenode html ON by default
by Anonymous Monk on Apr 17, 2008 at 02:47 UTC
    Thanks :)

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: monkdiscuss [id://680851]
Approved by moritz
Front-paged by moritz
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others sharing their wisdom with the Monastery: (4)
As of 2024-03-28 22:41 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found