Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Better keyboard-driven navigation, any? - yes... (cautions)

by tye (Sage)
on Jul 27, 2008 at 18:42 UTC ( #700408=note: print w/replies, xml ) Need Help??


in reply to Better keyboard-driven navigation, any? - yes...

You don't have to escape the brackets (in the Free Nodelet) if you just put the javascript inside of an HTML comment.

Be a bit cautious when putting large amounts of data into settings such as free nodelet, signature, node template, etc. All settings get encoded into text and stored in a node which will (at least as things are currently implemented) silently be truncated if the result is longer than 64kB, perhaps losing all of your settings.

I've updated Free Nodelet Settings to report how much space is being used, including a note as to why that is important.

You should disclaim that doing as you "urge" also means that anybody who does so is subject not just to bugs but also to potential maliciousness. For example, it isn't particularly hard to set up a web server such that keypress.js will rarely serve up a hacked version that forwards the person's PerlMonks cookie to you in a private message.

Several potential ways to address such risks come to mind, with varying trade-offs. But I don't have time at the moment to go into those, so I just wanted to make sure people were aware of the risk, however small (given shmem's long history).

- tye        

  • Comment on Re: Better keyboard-driven navigation, any? - yes... (cautions)

Replies are listed 'Best First'.
Re^2: Better keyboard-driven navigation, any? - yes... (cautions)
by shmem (Chancellor) on Jul 27, 2008 at 22:08 UTC

    Of course it is risky to load javascript from unknown servers, and even though that particular one is under my sway and I am the only one with root access, bad things might happen, worse than bugs - some evildoer in the hosting company... then, although I have not so bad a reputation inside the monastery, I could be a dork outside ;-)

    Pointing out the risk is fair, well done. The safest thing to do is to grab the source, review it and place it on a server of one's own trust; I updated the OP accordingly. - I myself included in my 'Free Nodelet' some JavaScript of Corion's craft, and to be honest, I only wrote this piece to be able to retaliate if he is ever going to steal my cookie... :-D

    --shmem

    _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                  /\_¯/(q    /
    ----------------------------  \__(m.====·.(_("always off the crowd"))."·
    ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}
Re^2: Better keyboard-driven navigation, any? - yes... (cautions)
by Anonymous Monk on Jul 28, 2008 at 08:27 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://700408]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (3)
As of 2019-07-20 09:36 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?