Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re^5: Filtering potentially dangerous URI schemas in <a href="...">

by Aristotle (Chancellor)
on Oct 21, 2002 at 00:00 UTC ( #206738=note: print w/replies, xml ) Need Help??


in reply to Re^4: Filtering potentially dangerous URI schemas in <a href="...">
in thread Filtering potentially dangerous URI schemas in <a href="...">

Then how about <font color="#ff0000" style="color: red"> ? But I can't demonstrate that since last I checked, style attributes got stripped from user text.

Makeshifts last the longest.

  • Comment on Re^5: Filtering potentially dangerous URI schemas in <a href="...">

Replies are listed 'Best First'.
Re: Re^5: Filtering potentially dangerous URI schemas in <a href="...">
by diotalevi (Canon) on Oct 23, 2002 at 01:16 UTC

    And my client-supplied CSS trumps everything you do on the web site. I wouldn't have every known you'd intended that to be differently colored until it came up. In general this is the "don't communicate solely through color" dictum.

    __SIG__ printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B::svref_2object(sub{})->OUTSIDE;
      Then how about class="unsafe"? The default could be bold red, with the "unsafe link" text prepended, and usersupplied CSS could style it as desired.

      Makeshifts last the longest.

        Sure you could do a specific CSS class but unless you get all the potential users to add the .unsafe { blah blah } snippet to their CSS configuration then it's a moot point. I'm just thinking that if that went into the site documentation somewhere that it'd be mostly invisible since I don't expect people would notice. That's a guess anyway. I think all I'm reall saying is that you absolutely cannot count on color being available as a device for communication. It's quite obvious that if you prepend some sort of warning text like "Potentially Unsafe Link&lt;a href="mocha:alert('foo!')" &gt;link&lt;/a&gt; that something is going on.

        __SIG__ printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B::svref_2object(sub{})->OUTSIDE;

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://206738]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (4)
As of 2022-12-06 21:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?