<![CDATA[Embed HTML as code blocks in comments]]>Can't embed HTML code with Markdowns code-block feature, see http://daringfireball.net/projects/markdown/syntax#precode

And HTML cannot be even postet if set in backticks!

HTML element link is always removed. Seee this block (is not visible!?):

<link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png">
<link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png">
<link href="/apple-touch-icon.png" rel="icon" type="image/png">
<link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png">
<link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">

my posting was (see image):

I have write the HTML as:

< link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png">
< link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png">
< link href="/apple-touch-icon.png" rel="icon" type="image/png">
< link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png">
< link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">

Your HTML filter is to rectricted!

]]>https://forums.opera.com/topic/2191/embed-html-as-code-blocks-in-commentsRSS for NodeFri, 13 Mar 2026 21:48:31 GMTTue, 22 Apr 2014 10:23:36 GMT60<![CDATA[Reply to Embed HTML as code blocks in comments on Wed, 23 Apr 2014 07:17:01 GMT]]>@ngamer01
Did you understand my post? I wrote:

Can't embed HTML code with Markdowns code-block feature

The Markdown code-block feature escapes securly HTML.

HTML has to be restricted or these forums risk abuse from outside vectors

< irony > OMG! Yes, HTML is bad, bad unsecure Markup, not the browsers 😉 < /irony >

Is &lt;script&gt;alert(42)&lt;/script&gt; a risk?
No, because, this is not executable by browsers!

Is &lt;link src=&quot;bad.js&quot;&gt;alert(42)&lt;/link&gt; unsecure?
No, because, this is not executable by browsers!

Do you think people will post ugly UTF-7 encoded for injection in browsers?

Hackers have a huge arsenal of XSS vectors

Yes, i know. As webdeveloper i know the secrets of XSS and XSRF 🙂

if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here

As a result, nobody can post correct examples for code here. One has to link to gists or pastebins from outside.

Asking for problems with browser bugs will hadicap people, if they cant post the relevant code.

OK, my fault, a support forum should not be a place for professional questions.
Thanks a lot.

]]>https://forums.opera.com/post/36078https://forums.opera.com/post/36078Wed, 23 Apr 2014 07:17:01 GMT<![CDATA[Reply to Embed HTML as code blocks in comments on Tue, 22 Apr 2014 20:23:49 GMT]]>HTML has to be restricted or these forums risk abuse from outside vectors. Hackers have a huge arsenal of XSS vectors hidden within the depths of the HTML specification and if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here.

]]>https://forums.opera.com/post/35998https://forums.opera.com/post/35998Tue, 22 Apr 2014 20:23:49 GMT