
Blha
posted by story on September 3rd, 2008 at 10:21AM

>you can thank dsk for making it necessary.

1) The 'crapflooding' was a little joke I played on dennis. He edited my awesome quote unnecessarily. Every time I reverted it, he reverted it back. So I made a little script to make sure the original quote was not changed. I even named it "DennisGriefing". I ran the script for a few hours and then just killed it. Malicious? Nah. Fun? Yep (I dare anyone to tell me they wouldn't find 'Dennis Griefing' a bit fun).

Little did I know that you were going to 'fix' this by implementing an unnecessary, overly strict, and sloppy solution.

>Since there's no way of algorithmically determining what's malicious, just don't post script.
You escape the script tag. That's all. That one was a "lets-see-if-dave-covered-his-ass" sort of thing. Followed by "Lets-tease-him-a-bit-because-he-didn't". And even then it was something that could be easily edited away.

This is kind of sad that you took it so personally, and I have to explain it all away. Take a chill pill and lighten up. No damage was done, besides the damage done by your recent modifications (and of course the damage done to your ego).

Btw, I just entered the characters < ! - - , and your site broke horribly. I removed it however, just in case you fix this problem by simply banning the use of "!", "-" and "<", and any user that submits them! (oh oh!)

Don't use me as a scapegoat in lieu of your sloppy coding!

//Btw, in my *2nd year* web-app course, the TA would take as much as 40% for not sanitizing user-submitted strings properly. Maybe math majors are taught to assume perfect input.

Okay
posted by Driusan on September 3rd, 2008 at 6:54PM

Usage of the character ! is now banned.

posted by dennisn on September 3rd, 2008 at 8:18PM

Usage or user?

posted by Driusan on September 3rd, 2008 at 8:29PM

Usage. Anyone who uses an exclamation mark in a post is automatically banned by the code.

posted by dennisn on September 3rd, 2008 at 10:03PM

That's unnecessary. In particular, it will hurt developers and security analysts.

Also, if everything ends up getting submitted anyways (be it to content or pendingcontent), it still allows for an abuser to flood the database/filesystem. There should just be a check in the submission trigger to prevent too many insertions in a certain time interval.

That pendingcontent list is /really/ a bad idea. Not only is it very misleading -- false-positively identified users will think everyone is ignoring them, and everyone will think he has disappeared from the site --- but, also, who gets to move pendingcontent to content?

It /may/ have some uses if the community grows /really/ big, and we decide to select front-page stories, but that's never going to happen :)

But that's the whole point. by Driusan on September 3rd, 2008 at 10:11PM.
There are a couple things that by dennisn on September 3rd, 2008 at 10:06PM.

posted by story on September 3rd, 2008 at 11:48AM

I'm still for using a whitelist for html tags in submitted content.
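The two fixes argued for in this thread (escape user-submitted markup instead of banning characters, and allow only whitelisted HTML tags), sketched as an added example that is not part of any post or of the site's code. The tag list, the function name `render_comment` and the sample submissions are assumptions made for illustration.

```python
import html
import re

# Assumed whitelist for illustration; the thread does not name specific tags.
ALLOWED_TAGS = {"b", "i", "em", "strong", "code", "blockquote", "p"}

# After escaping, an attribute-free tag looks like "&lt;b&gt;" or "&lt;/b&gt;".
_ESCAPED_TAG = re.compile(r"&lt;(/?)([a-zA-Z]+)&gt;")


def render_comment(raw):
    """Escape everything, then re-enable only attribute-free whitelisted tags."""
    escaped = html.escape(raw, quote=True)
    open_tags = []  # stack of whitelisted tags currently open

    def restore(match):
        closing, name = match.group(1), match.group(2).lower()
        if name not in ALLOWED_TAGS:
            return match.group(0)      # stays escaped, displayed as text
        if not closing:
            open_tags.append(name)
            return f"<{name}>"
        if open_tags and open_tags[-1] == name:
            open_tags.pop()
            return f"</{name}>"
        return match.group(0)          # stray or mismatched close stays as text

    body = _ESCAPED_TAG.sub(restore, escaped)
    # Close whatever the poster left open so it cannot restyle the rest of the page.
    return body + "".join(f"</{t}>" for t in reversed(open_tags))


# Constructed sample submissions, including the two inputs the thread mentions.
SAMPLES = [
    "<script>alert(1)</script>",
    "broken <!-- comment",
    "<b>bold</b> and <i>unclosed",
    '<b onclick="x()">hi</b>',
    "Exclamation marks are fine!",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", render_comment(sample))
```

Because tags with attributes never match the restore pattern, event handlers and `href` values cannot get through; every character, including `!`, `-` and `<`, remains postable.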

posted by story on September 3rd, 2008 at 12:10PM

The whole thing leaves a bit of a bitter taste in my mouth. Dave is acting like a *dainty princess*. Nothing happened, no permanent, no non-easily reversible damage. Only a bit of hazing and fun amongst friends. And the princess went ape-shit crazy with banning and restrictions etc.

Seriously, lighten up, princess.