lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Le 20 févr. 08 à 10:40, Paul Moore a écrit :

On 19/02/2008, Petite Abeille <> wrote:
Is there a way to insert a code block without indenting every


So HTML markup is passed through unchanged? Surely that's fairly
insecure? It wouldn't be hard for a hacker to work out some sort of
<script></script> block that would do something nasty...

I think there are only a few tags allowed, <code> being one of them. But I haven't checked in the source. I know that Markdown doesn't filter this so it has to be added as a filter before Markdown filtering is launched.

My comments:

1. You should probably get rid of Blueprint since it doesn't allow liquid design and that's what you want. Blueprint uses a grid, you obviously don't need one. IMO, I don't see blueprint getting support for liquid layout, it is not what it was designed for.

It seems Blueprint forces you to have this kind of markup in your code:

            <div class='span-24'>

            <div class='span-18 prepend-1 label'>

            <div class='span-18 prepend-1'>

Looks even worse than using tables and transparent gifs...

2. Links color : I suggest light blue

3. Code blocks : I suggest using overflow: auto; with a light background color and syntax coloring, as well as a copy/paste plain text version :)

4. File uploads : I suggest using ajax fun for posting the file to a form in an iframe. this way, you don't have to move to a new page, you can manage your files and your content on the same page. I have coded that for another project, I can help you with it if you want.

5. Filters : I haven't checked in your code but you should have a safe html filter in order to avoid your site being used for XSS attacks

6. I don't think it is possible to use your code with lighttpd and fastcgi for example since you seem to rely on your HTTP.lua server ? Unless I missed something of course. It might then be interesting to make it easier to deploy your work in such environments ?

Bertrand Mansion
Work :
Blog :