As a forum that's for coding, frankly I'm sick and tired of having to deal with some muppet's inability to sanitize input before it's displayed.
Why, o why, O WHY does the fricken forum convert the javascript onXXXXX attribute to amongst other things, garbage like this: "önclick" or "önchange" ad nauseam?
Sure, if people were trying to chuck a code in in such a manner that it would be executed, then sure - that's a perfectly reasonable case for content-modification. We hardly want some sneak putting (executing) javascript hidden in their posts. But when the bloody code is placed within pre blocks the behaviour is frankly amateurish and hacky.
We're not on a news-site, it's a place for programmers right? Well what about the one that went out to lunch and left that job unfinished? Even StackOverflow can get it right.
What am I missing? Why is it so hard?
Make it work. Then do it better - Andrei Straut
|
I have seen that several times, and I think it might be an issue in the underlying ASP.NET framework, as I have seen similar things on some ASP.NET websites I have worked on.
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
enhzflep asked: Who's the silly monkey that did this? (onchange --> önchange by CP)
That would be me. I've finished lunch now.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Crap! I was hoping I wouldn't read you write that.
Know of any practices that specialize in the surgical removal of feet from mouths?
I need to make an appointment.
Perhaps some humility training would be good for me too.
Make it work. Then do it better - Andrei Straut
|
My bug, my blame.
The history of this bug is that we allow pretty much all HTML in messages, preferring to filter out what's not allowed rather than rendering only the tags that are allowed (as opposed to other sites that allow only a small subset of tags). We very quickly realised that we needed to filter out all the bad bits (as you saw), however, we were careful to only filter out bad bits that were actually in live tags.
So &lt;a onclick=...
would not be subject to a filter, since it would render safely, but
<a onclick=...
was subject to the filter, since it was live and dangerous.
But over time we then added auto-HTML-encoding of tags within PRE blocks so that if someone entered HTML tags without HTML encoding them, they would render correctly. At this point I forgot to switch the filtering out to happen after auto-encoding, instead of before. Simple fix, and I'm sure many appreciate you raising the issue.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
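The ordering problem described in the post above, as an added example that is not The Code Project's code: a toy denylist filter and a toy PRE auto-encoder run in both orders over one constructed post. The regexes, function names and sample markup are assumptions made for illustration, and the filter is a stand-in, not a complete sanitizer.

```python
import html
import re

# Constructed sample post: one live tag outside <pre>, one code sample inside it.
SAMPLE_POST = (
    '<p>Click <a href="#" onclick="run()">here</a></p>\n'
    '<pre><a href="#" onclick="run()">demo</a></pre>'
)

# Hypothetical patterns standing in for the site's real filter rules.
LIVE_TAG = re.compile(r"<[a-zA-Z][^<>]*>")
EVENT_ATTR = re.compile(r"(?<![\w-])o(n[a-z]+\s*=)", re.IGNORECASE)
PRE_BLOCK = re.compile(r"(<pre\b[^>]*>)(.*?)(</pre>)", re.IGNORECASE | re.DOTALL)


def neutralise_event_attrs(markup: str) -> str:
    """Denylist step: mangle on*= attributes, but only inside live tags."""
    def fix_tag(m):
        return EVENT_ATTR.sub(lambda a: "ö" + a.group(1), m.group(0))
    return LIVE_TAG.sub(fix_tag, markup)


def encode_pre_blocks(markup: str) -> str:
    """Auto-encode step: HTML-encode raw markup typed inside <pre> blocks."""
    def fix_pre(m):
        return m.group(1) + html.escape(m.group(2), quote=False) + m.group(3)
    return PRE_BLOCK.sub(fix_pre, markup)


def render_filter_first(markup: str) -> str:
    # Ordering described as the bug: the filter still sees the PRE content
    # as live tags, mangles it, and only then is it encoded for display.
    return encode_pre_blocks(neutralise_event_attrs(markup))


def render_encode_first(markup: str) -> str:
    # Ordering described as the fix: PRE content is inert text by the time
    # the filter runs, so only the genuinely live tag is touched.
    return neutralise_event_attrs(encode_pre_blocks(markup))


if __name__ == "__main__":
    print(render_filter_first(SAMPLE_POST))
    print(render_encode_first(SAMPLE_POST))
```
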
|
I don't know which to offer first. My gratitude for the fix, or my apology for the tone of the report.
One could certainly understand if you uttered the famous words of Jim Richards at the '92 Bathurst 1000 from time to time.
Make it work. Then do it better - Andrei Straut
|
None of my mates died of a heart attack while I was fixing the bug so I don't reckon I qualify
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
I'm not sure if this is a bug or not...
In QA, code blocks have a "collapse" option - which is really handy when some idiot person posts their entire application with a single line of problem description at the bottom, or in the middle. It makes it so easy to remove the code block and see the question, as well as get to the comment button without scrolling down through the whole message.
I seem to remember that this worked in the forums too? Or am I just imagining that due to too much cheese? Either way, it would be handy, particularly when you get a question like this: http://www.codeproject.com/Messages/4389640/tic-toe-game-not-working-as-expected-please-help.aspx[^]
Any chance it could be re-enabled (or added if that was a product of my fevered imagination) for the forums as well?
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
Hello, Wallace!
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
Cracking cheese, Gromit!
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
I have always loved Wallace and Gromit. I especially like 'The Curse of the Were-Rabbit'.
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
I still have a "Have you seen this chicken" mug.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
I removed this because the way we currently have it implemented is client side, and in scanning 50 messages and modifying (potentially) multiple PRE blocks in each, the page could slow down unacceptably.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Hmm. See what you mean. Pity, but you have a good point!
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
Me too. Tried to vote on one of Eddy's answers and got the unknown error. IE8.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
All fixed.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
+5
it works again!
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
None of them are urgent ...
- Is it possible to have some "expiration date" on the notifications?
(user settings?)
- Is it possible to move the "refresh" link/button to the top of the forum? Sometimes I leave my post and just hit the refresh button instead of reloading the whole page; now I have to scroll down to find it.
Nihil obstat
|
Received the following when opening this link from the Insider in a new tab -
Quantum measurements leave Schrödinger's cat alive
Ticket: (No ticket provided - possibly an error in the error-system)
Error: An error occurred in this page. The error has been recorded and the site administrator informed.
Abort, Retry, Fail?_
|
I've found the issue - thanks. A new upload today should fix it.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
When I click on vote without selecting a rating option, it gives me the below message and the voting section disappears.
There was an error while trying to rate this item. Please try again later.
Regards,
Jon
|
Fixed in next release. Thanks.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
Hi there! First of all, excellent work on all site features and on the revamped interface. CodeProject has never been so great! (erm, actually, it has always been great, but the fact it is ever evolving makes it even nicer)
I would like to report an issue with the online article submission wizard, particularly in the article editor. Every time I open the draft of one of my articles, it gets a " <br />" added after each of its lines. It is funny because if I close and reopen it 10 times, I will have 10 line breaks inserted between the lines, making everything giantly spaced.
This only happens if I close the article editor and reopen it. It doesn't happen when changing from HTML view to design view, or anything else I tried. To sidestep this issue I am currently saving the HTML of my current draft in Notepad. I am using Chrome, if this is relevant.
Please keep up the good work!
Best regards,
Cesar
|
César de Souza wrote: This only happens if I close the article editor and reopen it
I'm trying to replicate and not having any luck here.
When you say "close the editor" do you mean you close the browser window or hit 'Cancel'? When you reopen are you clicking the "Update my article" link each time?
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP