Embed HTML as code blocks in comments

Deleted User

Deleted User last edited by

Can't embed HTML code with Markdowns code-block feature, see http://daringfireball.net/projects/markdown/syntax#precode

And HTML cannot be even postet if set in backticks!

HTML element link is always removed. Seee this block (is not visible!?):

<link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png">
<link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png">
<link href="/apple-touch-icon.png" rel="icon" type="image/png">
<link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png">
<link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">

my posting was (see image):

---

---

I have write the HTML as:

< link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png">
< link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png">
< link href="/apple-touch-icon.png" rel="icon" type="image/png">
< link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png">
< link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">

Your HTML filter is to rectricted!

ngamer01

ngamer01 last edited by

HTML has to be restricted or these forums risk abuse from outside vectors. Hackers have a huge arsenal of XSS vectors hidden within the depths of the HTML specification and if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here.

Deleted User

Deleted User last edited by

@ngamer01
Did you understand my post? I wrote:

Can't embed HTML code with Markdowns code-block feature

The Markdown code-block feature escapes securly HTML.

HTML has to be restricted or these forums risk abuse from outside vectors

< irony > OMG! Yes, HTML is bad, bad unsecure Markup, not the browsers < /irony >

Is <script>alert(42)</script> a risk?
No, because, this is not executable by browsers!

Is <link src="bad.js">alert(42)</link> unsecure?
No, because, this is not executable by browsers!

Do you think people will post ugly UTF-7 encoded for injection in browsers?

Hackers have a huge arsenal of XSS vectors

Yes, i know. As webdeveloper i know the secrets of XSS and XSRF

if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here

As a result, nobody can post correct examples for code here. One has to link to gists or pastebins from outside.

Asking for problems with browser bugs will hadicap people, if they cant post the relevant code.

OK, my fault, a support forum should not be a place for professional questions.
Thanks a lot.