in reply to (Ovid) RE(2): I voted -- and I am a hypocrite.
in thread Javascript and other evil goodies

For me your home node is now a visual booby-trap.

Should embedded CSS become common, I will have to start consistently avoiding home nodes. If they become used elsewhere on a regular basis, I will stop visiting PM.

BTW one concern of mine. I use a lot of Netscape. It is very easy to cause serious problems for Netscape without knowing it, and some here do not care. Should that become common, you will lose a lot more than just me...

Avoiding home nodes
by tye (Sage) on Aug 22, 2000 at 23:04 UTC

    I already avoid home nodes. Several load off-site images, some of which are actually documented as being used to track visits to their home node. Several now grab the userpass cookie, one forwarding it to another site (after stripping the password -- last time I checked). I don't want to be the one who finds the first truly nasty home node.

    At least non-home nodes very rarely have any interesting HTML (and those that do usually get voted down -- probably why this is still rare).

    As for home-node buttons that send public chat requests, I thought the first one was cute but got tired of it before I even noticed a second one. I've been waiting for the fad to die but am disappointed so far. I don't mind the buttons that post private messages back to the node's owner (though I wonder what the denial-of-service-attack potential for the node owner or the site is). I particularly like Adam's random node button. Posting private messages back to the button pusher is probably harmless.

    It is ironic that my favorite web site has also become my most worrisome. I'm about to switch to my former paranoid ways of disabling javascript and autoloading of images and only turning them on for the few sites that both become useless without them and are important.

    A compromise did cross my mind. I'd love to see only specific HTML tags allowed in posts and home nodes. Then I could be curious about a monk and not worry about what tricks they might think are cute today...

    But each monk (level 5 and above) could have a "play node" where they can post any HTML they want to. Then you could go look at their tricks with the relative safety of knowing who did it (and that they risked throwing away the time it took them to get to level 5 if they did something truly nasty).

    As for off-site links, the browsers I use make it easy to see where a link is going before I click on it. Plus, there are plenty of legitimate reasons to have an off-site link in a post or home node. So I'd not ban those.

            - tye (but my friends call me "Tye")
RE: RE (tilly) 3: I voted -- and I am a hypocrite.
by bastard (Hermit) on Aug 23, 2000 at 18:34 UTC
    Along these lines I think a possible solution would be to give the user the choice of what to filter out.

    In their settings page, give them options to filter out the following:

    • Javascript
    • CSS
    • Font customizations
    • advanced tags (<layer>, <embed>, <iframe>, etc...) # personally I would remove these all the time
    • other tags...
    • user customized tag entry

    Perhaps each of these could even be set via a dropdown, where the dropdown contains the minimum level of monk you want the tags to be enabled for.

      So tell you have an image in your home node again?

      IMO it is safest to by default filter out everything you are not positive you want and then start being permissive. Though if some really want their own CSS I would prefer an option to turn it off rather than accept it all of the time...

        Actually no, I have a table pretending to be an image (built by a short perl script). I use a layer and an iframe (similar to the ads on the top of the page) to reference the html source of the table on my site.

        Each time I figured out a way to actually use the IMG tag, I let vroom know, and he fixed it. There are 2 other ways that I could put an image on my page, but out of deference to the system, I choose not to. Instead I emulate an image.

        I agree that a lowest first method should be taken. For the dropdowns, give options of All, 1, 2, 3, 4, 5, 6, 7, 8, 9, None. Numbers would correspond to the level of monk that you are deciding to not filter out.
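
The ideas raised in this thread (allow only specific tags, filter everything by default, and let each reader pick the author level at which a group of tags is shown) fit into one filter. The following is an added example, not code from any poster or from the site; it is written in Python, and the tag lists, the group names, `sanitize` and its `prefs` argument are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
# Tags every reader gets -> attributes kept (assumed list; the thread names none).
BASE = {"p": set(), "b": set(), "i": set(), "code": set(), "a": {"href"}}
# Hypothetical groups a reader may enable for authors at or above a chosen level.
OPTIONAL = {"font": {"font": {"color", "size"}}, "images": {"img": {"src", "alt"}}}
SKIP_BODY, URL_ATTRS, VOID = {"script", "style"}, {"href", "src"}, {"img"}
SAMPLE = '<b onclick="x()">hi<script>s()</script><img src="http://t.example/p.gif">'  # constructed

class Filter(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.open, self.skip = allowed, [], [], 0

    def handle_starttag(self, tag, attrs):
        self.skip += tag in SKIP_BODY      # script/style text must not leak out as page text
        if self.skip or tag not in self.allowed:
            return                         # default deny: the tag vanishes, its text stays
        kept = ""
        for name, value in attrs:          # unlisted attributes (on*, style=) are dropped
            value = (value or "").strip()
            if name in self.allowed[tag] and (name not in URL_ATTRS
                    or value.lower().startswith(("http://", "https://"))):
                kept += f' {name}="{escape(value)}"'
        self.out.append(f"<{tag}{kept}>")
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in SKIP_BODY:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open:             # close it and anything still open inside it
            cut = len(self.open) - 1 - self.open[::-1].index(tag)
            self.out += [f"</{t}>" for t in reversed(self.open[cut:])]
            del self.open[cut:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(html, author_level, prefs=None):
    """prefs: OPTIONAL group -> lowest author level shown unfiltered; absent = never."""
    allowed = dict(BASE)
    for group in [g for g, lvl in (prefs or {}).items() if author_level >= lvl]:
        allowed.update(OPTIONAL[group])
    f = Filter(allowed)
    f.feed(html)
    f.close()
    return "".join(f.out + [f"</{t}>" for t in reversed(f.open)])
```

With no preferences set, `sanitize(SAMPLE, 3)` keeps only the bold text; a reader who sets `{"images": 5}` sees the off-site image only when the author is level 5 or higher.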