Since I am firmly in the expose, don't hide camp, I would like to bring up a discussion about the fact the nodes on this site are editable by third parties. Not only can text be added, but annoying HTML markup and even javascript, which can be used to grab things that should not be (e.g. cookie info). How do we limit this? Nobody has a really malicious home node or post that I know of right now (although some log you out, which I find really rude), but it would be fairly easy to create a simple link in a post that would do Bad Things.

Perhaps we could limit HTML to simple things, like A, LI, OL, UL, etc. and only allow more advanced and/or easily abused things like FONT H1 SCRIPT to higher levels?

In reply to Javascript and other evil goodies by turnstep

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.