lua-users home
lua-l archive



On 20 Feb 2008, at 10:40, Paul Moore wrote:

On 19/02/2008, Petite Abeille <petite_abeille@mac.com> wrote:
Is there a way to insert a code block without indenting every
line?
<code></code>?
So HTML markup is passed through unchanged? Surely that's fairly
insecure? It wouldn't be hard for a hacker to work out some sort of
<script></script> block that would do something nasty...
I think there are only a few tags allowed, <code> being one of them.
But I haven't checked in the source. I know that Markdown doesn't
filter this so it has to be added as a filter before Markdown
filtering is launched.

My comments:

1. You should probably get rid of Blueprint since it doesn't allow liquid design and that's what you want. Blueprint uses a grid, you obviously don't need one. IMO, I don't see blueprint getting support for liquid layout, it is not what it was designed for.
It seems Blueprint forces you to have this kind of markup in your code:

            <div class='span-24'>
                &nbsp;
            </div>

            <div class='span-18 prepend-1 label'>
                &nbsp;
            </div>

            <div class='span-18 prepend-1'>
                &nbsp;
            </div>

Looks even worse than using tables and transparent gifs...

2. Link color: I suggest light blue.

3. Code blocks: I suggest using overflow: auto; with a light background color and syntax coloring, as well as a copy/paste plain text version :)

4. File uploads: I suggest using Ajax fun for posting the file to a
form in an iframe. This way, you don't have to move to a new page, you
can manage your files and your content on the same page. I have coded
that for another project, I can help you with it if you want.

5. Filters: I haven't checked in your code but you should have a safe
HTML filter in order to avoid your site being used for XSS attacks.

6. I don't think it is possible to use your code with lighttpd and
fastcgi for example since you seem to rely on your HTTP.lua server?
Unless I missed something of course. It might then be interesting to
make it easier to deploy your work in such environments?



--
Bertrand Mansion
Mamasam
Work : http://www.mamasam.com
Blog : http://golgote.freeflux.net
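
The "safe HTML filter before Markdown" idea from the message above, sketched as an added example; it is not part of the original post and not the wiki's own code. The names `ALLOWED` and `safe_html`, the `pre` entry in the allowlist and the sample inputs are assumptions made for illustration.

```lua
-- Added example: allowlist filter to run on untrusted wiki text BEFORE the
-- Markdown converter. ALLOWED and safe_html are hypothetical names.
local ALLOWED = { code = true, pre = true }  -- assumed; the post only mentions <code>

local ESCAPES = { ["&"] = "&amp;", ["<"] = "&lt;" }

local function safe_html(input)
  -- 1. Neutralise every tag and entity. ">" is left alone so Markdown
  --    blockquotes keep working; without a live "<" it cannot open a tag.
  local escaped = input:gsub("[&<]", ESCAPES)
  local open = {}  -- stack of allowlisted tags currently open

  -- 2. Re-enable only bare allowlisted tags. The pattern accepts a tag name
  --    followed directly by ">", so a tag carrying attributes never matches.
  local out = escaped:gsub("&lt;(/?)(%a+)>", function(slash, name)
    name = name:lower()
    if not ALLOWED[name] then return nil end    -- nil keeps the escaped text
    if slash == "" then
      open[#open + 1] = name
      return "<" .. name .. ">"
    end
    if open[#open] ~= name then return nil end  -- stray or misnested close tag
    open[#open] = nil
    return "</" .. name .. ">"
  end)

  -- 3. Close whatever the author left open so it cannot swallow the rest
  --    of the page.
  for i = #open, 1, -1 do
    out = out .. "</" .. open[i] .. ">"
  end
  return out
end

-- Constructed sample inputs, one per case the filter has to handle.
local samples = {
  "Use <code>print(1 < 2)</code> here",  -- allowed tag, stray "<" in text
  "<script>doSomething()</script>",      -- tag outside the allowlist
  '<code onclick="x()">hi</code>',       -- allowed name, but with an attribute
  "<CODE>unclosed",                      -- upper case and never closed
}
for _, s in ipairs(samples) do
  print(safe_html(s))
end
```

A filter placed before Markdown only sees what the author typed; markup that the Markdown converter generates itself, such as link targets, still needs its own check on the output side.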