Embed HTML as code blocks in comments
-
Deleted User last edited by
Can't embed HTML code with Markdown's code-block feature, see
http://daringfireball.net/projects/markdown/syntax#precode
And HTML cannot even be posted if set in backticks!
The HTML element link is always removed. See this block (is not visible!?):
<link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png"> <link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png"> <link href="/apple-touch-icon.png" rel="icon" type="image/png"> <link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png"> <link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">
My posting was (see image):
I have written the HTML as:
< link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png"> < link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png"> < link href="/apple-touch-icon.png" rel="icon" type="image/png"> < link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png"> < link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">
Your HTML filter is too restricted!
-
ngamer01 last edited by
HTML has to be restricted or these forums risk abuse from outside vectors. Hackers have a huge arsenal of XSS vectors hidden within the depths of the HTML specification and if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here.
-
Deleted User last edited by
@ngamer01
Did you understand my post? I wrote: Can't embed HTML code with Markdown's code-block feature
The Markdown code-block feature securely escapes HTML.
HTML has to be restricted or these forums risk abuse from outside vectors
< irony > OMG! Yes, HTML is bad, bad unsecure Markup, not the browsers < /irony >
Is
<script>alert(42)</script>
a risk?
No, because this is not executable by browsers!
Is
<link src="bad.js">alert(42)</link>
unsecure?
No, because this is not executable by browsers!
Do you think people will post ugly UTF-7 encoded for injection in browsers?
Hackers have a huge arsenal of XSS vectors
Yes, I know. As a web developer I know the secrets of XSS and XSRF
if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here
As a result, nobody can post correct examples for code here. One has to link to gists or pastebins from outside.
Asking for problems with browser bugs will handicap people if they can't post the relevant code.
OK, my fault, a support forum should not be a place for professional questions.
Thanks a lot.
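Added example, not part of the thread and not the forum's own code: a sketch of why the order of the HTML filter and Markdown code handling decides whether `<link>` inside backticks survives as visible text. The pipeline, the function names and the tag-stripping stand-in for the filter are assumptions; the sample inputs are constructed from the markup quoted in the posts.

```javascript
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);

// Stand-in for the forum's HTML filter (assumption): drop anything tag-shaped,
// then escape what is left so a stray "<" can never open a tag.
const filterProse = (s) => escapeHtml(s.replace(/<[^>]*>/g, ''));

// Matches fenced blocks (```...```) and inline `code` spans.
const CODE = /```\n?([\s\S]*?)```|`([^`\n]+)`/g;

// Code content is never filtered, only escaped, so it is displayed literally.
function renderCode(block, inline) {
  return block !== undefined
    ? '<pre><code>' + escapeHtml(block) + '</code></pre>'
    : '<code>' + escapeHtml(inline) + '</code>';
}

// Split the comment into prose and code; filter prose, escape code.
function renderParts(markdown) {
  let out = '';
  let last = 0;
  for (const m of markdown.matchAll(CODE)) {
    out += filterProse(markdown.slice(last, m.index)) + renderCode(m[1], m[2]);
    last = m.index + m[0].length;
  }
  return out + filterProse(markdown.slice(last));
}

// Order A: the filter runs over the raw comment first, so tags inside
// backticks are already gone when the code spans are found.
const renderFilterFirst = (md) => renderParts(md.replace(/<[^>]*>/g, ''));

// Order B: code spans are located first and escaped; only prose is filtered.
const renderCodeFirst = (md) => renderParts(md);

// Constructed sample comments.
const inlineSample = 'Markup: `<link href="/favicon.ico" rel="shortcut icon">` <b>please</b> check';
const fencedSample = '```\n<script>alert(42)</script>\n```';

console.log(renderFilterFirst(inlineSample));
console.log(renderCodeFirst(inlineSample));
console.log(renderCodeFirst(fencedSample));
```

In order B the only markup in the output is the renderer's own `<code>` and `<pre>` wrappers; everything the poster typed arrives as escaped text.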