I have another idea on the back of my mind, but I think I need feedback before I touch the relative code.
At the moment one can write
anything in the news box. This is nice (images, videos!), although it can lead to serious trouble. I have already fixed the nasty kind (http://xkcd.com/327/), but accepting html and javascript is still a problem.
I'd like to filter more stuff then, but without cutting useful features. I was thinking about:
- filter all html stuff (I can either remove it silently or make it appear as inactive code)
- accept links and do smart things: e.g., if one sends a youtube link, the video gets embedded, same with images.
Would that work? Is there anything else that would make sense?
Maybe some text formatting such as *bold text* or ZCTxxx becoming links to the track page?
thanks for the added security!
Since the shoutbox has very limited use, disabling HTML would not be a real issue IMHO. Formatiing is not that necessary either.
auto-links to track pages is space technology :)
Quote from: dreadnaut on August 21, 2013, 11:52:25 AM
I'd like to filter more stuff then, but without cutting useful features. I was thinking about:
- filter all html stuff (I can either remove it silently or make it appear as inactive code)
- accept links and do smart things: e.g., if one sends a youtube link, the video gets embedded, same with images.
Would that work? Is there anything else that would make sense?
Maybe some text formatting such as *bold text* or ZCTxxx becoming links to the track page?
Sounds perfect to me. On seeing this topic my gut reaction was "add a Markdown parser"; however, Zak is right in saying that formatting is inessential - little "smart things" like the ones you suggested are far more interesting.
Space technology, here we go! 8) Things that are recognised in the shoutbox:
* stuff like www.something.abc and http/https links become clickable
* links to youtube videos (youtube.com or youtu.be) become tiny video players
* links to an image will show the image itself
* links to forum topics will have the topic title pulled from the database!
* ZCT<number> become links to the track results
* *something* and _something_ can be used to emphasize words
Other suggestions?
Quote from: dreadnaut on September 13, 2013, 05:41:18 PM
* links to forum topics will have the topic title pulled from the database!
That is really cool! 8)
Aaaand... smileys! All those available in the forum :o :P :-X ;D
Nice work! Thanks!
Mr Awesome!!!! many thanks!
Quote from: zaqrack on September 14, 2013, 02:45:20 PM
Mr Awesome!!!! many thanks!
That was a coming out, huh?
please do no add a feature "- something -" resulting in "somthing" (most hated thing in gtalk..) i also do not like *sth* but it is more tolerable than that dashed thing :-/
I can probably remove *something* and leave only _something_, since bold does not actually work at that text size.
Quote from: dreadnaut on September 14, 2013, 11:56:14 PM
I can probably remove *something* and leave only _something_, since bold does not actually work at that text size.
The above, and I added a list of the available shortcuts to the post news (http://zak.stunts.hu/index.php?page=postnews) page.
ZCTnnn track names now work in the admin news too. Also, fixed markdown not being markdowned in the archives.