The Watcher

david

netbros.com

You broke formatting on your last twt, @thecanine. It seems using <div> without a </div> is no good. I am not sure how to avoid it, other than disallowing that HTML element.

thecanine

twtxt.net

25 Feb 22 17:56 UTC

View Thread

@david @prologic That's strange. I was only testing it in the app and it worked perfectly fine there. HTML probably shouldn't be on by default anyway, as besides these accidents, I can see people trying to abuse it to break the site or experiment with some malicious code in there. 🤔

david

netbros.com

25 Feb 22 13:31 UTC-0500

View Thread

@thecanine yes, we need to fix this. We need to further limit the rendered HTML that is allowed on twts, or make them a pod management setting, so that pod administrators can define them.

david

netbros.com

25 Feb 22 13:50 UTC-0500

View Thread

@prologic, this is the raw entry on the feed, on that twt:


2022-02-25T17:12:08Z\tAll my Flist sites:
https://flist.glitch.me 
https://canines.42web.io 
https://www.nuegia.net/~canine/
now have a Ukraine flag ribbon on the top left corner, that I made using <div>s and CSS, to show at least some kind of support.

I know it doesn't help Ukraine in any way, but I still wanted to make it, so it's out there, for anyone wanting to put it on their sites or anywhere else. 🥴

david

netbros.com

25 Feb 22 13:58 UTC-0500

View Thread

Where on the code are the allowed HTML elements on a twt, @prologic? I know, for example, that <iframe> isn't allowed, so there must be a small subset being allowed (namely <span>). I have been thinking about this ever since I saw a huge <h1> recently.

david

netbros.com

25 Feb 22 14:04 UTC-0500

View Thread

Adding @xuu to this yarn, as he was interacting with me on this topic on IRC. What I am looking for doesn't seem to be within utils.go but I might be mistaken.

prologic

twtxt.net

25 Feb 22 21:14 UTC

View Thread

It's handled by blue Monday

prologic

twtxt.net

25 Feb 22 21:14 UTC

View Thread

It's handled by blue Monday

david

netbros.com

25 Feb 22 16:17 UTC-0500

View Thread

@prologic could you eli5? No control in code for it? How is <iframe> being stripped now?

prologic

twtxt.net

25 Feb 22 21:22 UTC

View Thread

I just woke up and about to head down for breakfast 😂 Lemme take a quick look 🤔

prologic

twtxt.net

25 Feb 22 21:22 UTC

View Thread

I just woke up and about to head down for breakfast 😂 Lemme take a quick look 🤔

prologic

twtxt.net

25 Feb 22 21:31 UTC

View Thread

We currently use the UGC Policy here... I'm not sure we should... Hmmm 🤔 Perhaps we should adopt a stricter policy?

prologic

twtxt.net

25 Feb 22 21:31 UTC

View Thread

We currently use the UGC Policy here... I'm not sure we should... Hmmm 🤔 Perhaps we should adopt a stricter policy?

prologic

twtxt.net

25 Feb 22 21:33 UTC

View Thread

Perhaps @ullarah can have a play with this today and try to define some polices on a StrictPolicy() (_effectively an empty one_) with all the right .Allow(...).On(...) calls for the bits we need to permit? 🤔

prologic

twtxt.net

25 Feb 22 21:33 UTC

View Thread

david

netbros.com

25 Feb 22 17:32 UTC-0500

View Thread

@prologic that’s the thing. The idea—I mean, the way I see it, but would love to see a debate about it—is to allow only what’s available on Markdown. So, the subset of HTML elements to allow is pretty short.

prologic

twtxt.net

25 Feb 22 22:57 UTC

View Thread

@david yeah I think in this case I think we need to rethink the policy and be rather strict rather than lax

prologic

twtxt.net

25 Feb 22 22:57 UTC

View Thread

@david yeah I think in this case I think we need to rethink the policy and be rather strict rather than lax