http://qs1969.pair.com?node_id=206738


in reply to Re^4: Filtering potentially dangerous URI schemas in <a href="...">
in thread Filtering potentially dangerous URI schemas in <a href="...">

Then how about <font color="#ff0000" style="color: red"> ? But I can't demonstrate that since last I checked, style attributes got stripped from user text.

Makeshifts last the longest.

Re: Re^5: Filtering potentially dangerous URI schemas in <a href="...">
by diotalevi (Canon) on Oct 23, 2002 at 01:16 UTC

    And my client-supplied CSS trumps everything you do on the web site. I wouldn't have ever known you'd intended that to be differently colored until it came up. In general this is the "don't communicate solely through color" dictum.

    __SIG__ printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B::svref_2object(sub{})->OUTSIDE;
      Then how about class="unsafe"? The default could be bold red, with the "unsafe link" text prepended, and user-supplied CSS could style it as desired.

      Makeshifts last the longest.

        Sure you could do a specific CSS class but unless you get all the potential users to add the .unsafe { blah blah } snippet to their CSS configuration then it's a moot point. I'm just thinking that if that went into the site documentation somewhere that it'd be mostly invisible since I don't expect people would notice. That's a guess anyway. I think all I'm really saying is that you absolutely cannot count on color being available as a device for communication. It's quite obvious that if you prepend some sort of warning text like "Potentially Unsafe Link<a href="mocha:alert('foo!')">link</a> that something is going on.

        __SIG__ printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B::svref_2object(sub{})->OUTSIDE;
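
The approach the thread converges on (visible warning text plus a class="unsafe" hook that client CSS may restyle), sketched as an added example that is not part of the thread or of PerlMonks' own code. The scheme allowlist, the function names and the sample links are assumptions, and the href is assumed to have been entity-decoded already.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed allowlist; a real site would choose its own.
my %SAFE_SCHEME = map { $_ => 1 } qw(http https ftp mailto);

sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Return the lowercased scheme of a URI, or undef for a relative reference.
sub uri_scheme {
    my ($href) = @_;
    # Browsers ignore leading whitespace and embedded tab/CR/LF when reading
    # the scheme, so drop all whitespace and control characters first.
    (my $h = $href) =~ s/[\x00-\x20]+//g;
    return $h =~ /^([A-Za-z][A-Za-z0-9+.\-]*):/ ? lc($1) : undef;
}

# Render a link. Anything off the allowlist gets warning *text*, so the
# signal survives client-supplied CSS, plus class="unsafe" for styling.
sub render_link {
    my ($href, $text) = @_;
    my $scheme = uri_scheme($href);
    my $safe   = !defined $scheme || $SAFE_SCHEME{$scheme};
    my $class  = $safe ? '' : ' class="unsafe"';
    my $link   = sprintf '<a%s href="%s">%s</a>',
        $class, escape_html($href), escape_html($text);
    return $safe ? $link : "Potentially Unsafe Link $link";
}

# Constructed sample inputs.
for my $sample (
    [ 'http://www.perlmonks.org/', 'home' ],
    [ '?node_id=206738',           'this node' ],
    [ "mocha:alert('foo!')",       'link' ],
    [ " Mo\tCha:alert('foo!')",    'link' ],   # same scheme, padded and mixed case
) {
    print render_link(@$sample), "\n";
}
```

The first two samples print as plain links; the last two are prefixed with the warning text and carry class="unsafe".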