• Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    Embed HTML as code blocks in comments

    Feedback for the Forums
    2
    3
    1226
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Deleted User
      Deleted User last edited by

      Can't embed HTML code with Markdowns code-block feature, see http://daringfireball.net/projects/markdown/syntax#precode

      And HTML cannot be even postet if set in backticks!

      HTML element link is always removed. Seee this block (is not visible!?):

      <link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png">
      <link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png">
      <link href="/apple-touch-icon.png" rel="icon" type="image/png">
      <link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png">
      <link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">
      

      my posting was (see image):



      I have write the HTML as:

      < link href="/apple-touch-icon.png" rel="apple-touch-icon-precomposed" type="image/png">
      < link href="/apple-touch-icon.png" rel="apple-touch-icon" type="image/png">
      < link href="/apple-touch-icon.png" rel="icon" type="image/png">
      < link href="/apple-touch-icon.png" rel="shortcut icon" type="image/png">
      < link href="/favicon.ico" rel="shortcut icon" type="image/x-icon">
      

      Your HTML filter is to rectricted!

      Reply Quote 0
        1 Reply Last reply
      • ngamer01
        ngamer01 last edited by

        HTML has to be restricted or these forums risk abuse from outside vectors. Hackers have a huge arsenal of XSS vectors hidden within the depths of the HTML specification and if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here.

        Reply Quote 0
          1 Reply Last reply
        • Deleted User
          Deleted User last edited by

          @ngamer01
          Did you understand my post? I wrote:

          Can't embed HTML code with Markdowns code-block feature

          The Markdown code-block feature escapes securly HTML.

          HTML has to be restricted or these forums risk abuse from outside vectors

          < irony > OMG! Yes, HTML is bad, bad unsecure Markup, not the browsers 😉 < /irony >

          Is &lt;script&gt;alert(42)&lt;/script&gt; a risk?
          No, because, this is not executable by browsers!

          Is &lt;link src=&quot;bad.js&quot;&gt;alert(42)&lt;/link&gt; unsecure?
          No, because, this is not executable by browsers!

          Do you think people will post ugly UTF-7 encoded for injection in browsers?

          Hackers have a huge arsenal of XSS vectors

          Yes, i know. As webdeveloper i know the secrets of XSS and XSRF 🙂

          if the HTML filter is eased up here, these forums will be at the mercy of 3rd parties that seek to do harm here

          As a result, nobody can post correct examples for code here. One has to link to gists or pastebins from outside.

          Asking for problems with browser bugs will hadicap people, if they cant post the relevant code.

          OK, my fault, a support forum should not be a place for professional questions.
          Thanks a lot.

          Reply Quote 0
            1 Reply Last reply
          • First post
            Last post

          Computer browsers

          • Opera for Windows
          • Opera for Mac
          • Opera for Linux
          • Opera beta version
          • Opera USB

          Mobile browsers

          • Opera for Android
          • Opera Mini
          • Opera Touch
          • Opera for basic phones

          • Add-ons
          • Opera account
          • Wallpapers
          • Opera Ads

          • Help & support
          • Opera blogs
          • Opera forums
          • Dev.Opera

          • Security
          • Privacy
          • Cookies Policy
          • EULA
          • Terms of Service

          • About Opera
          • Press info
          • Jobs
          • Investors
          • Become a partner
          • Contact us

          Follow Opera

          • Opera - Facebook
          • Opera - Twitter
          • Opera - YouTube
          • Opera - LinkedIn
          • Opera - Instagram

          © Opera Software 1995-2025