- Subject: Re: [ANN] lua-users.org alternative wiki demo
- From: Bertrand Mansion <golgote@...>
- Date: Wed, 20 Feb 2008 11:45:06 +0100
On 20 Feb 08, at 10:40, Paul Moore wrote:
On 19/02/2008, Petite Abeille <petite_abeille@mac.com> wrote:
Is there a way to insert a code block without indenting every
line?
<code></code>?
So HTML markup is passed through unchanged? Surely that's fairly
insecure? It wouldn't be hard for a hacker to work out some sort of
<script></script> block that would do something nasty...
I think there are only a few tags allowed, <code> being one of them.
But I haven't checked in the source. I know that Markdown doesn't
filter this so it has to be added as a filter before Markdown
filtering is launched.
My comments:
1. You should probably get rid of Blueprint since it doesn't allow
liquid design and that's what you want. Blueprint uses a grid; you
obviously don't need one. IMO, I don't see Blueprint getting support
for liquid layout; it is not what it was designed for.
It seems Blueprint forces you to have this kind of markup in your code:
<div class='span-24'>
</div>
<div class='span-18 prepend-1 label'>
</div>
<div class='span-18 prepend-1'>
</div>
Looks even worse than using tables and transparent gifs...
2. Link color: I suggest light blue.
3. Code blocks: I suggest using overflow: auto; with a light
background color and syntax coloring, as well as a copy/paste plain
text version :)
4. File uploads: I suggest using ajax fun for posting the file to a
form in an iframe. This way, you don't have to move to a new page; you
can manage your files and your content on the same page. I have coded
that for another project; I can help you with it if you want.
5. Filters: I haven't checked in your code but you should have a safe
HTML filter in order to avoid your site being used for XSS attacks.
6. I don't think it is possible to use your code with lighttpd and
fastcgi, for example, since you seem to rely on your HTTP.lua server?
Unless I missed something, of course. It might then be interesting to
make it easier to deploy your work in such environments?
--
Bertrand Mansion
Mamasam
Work : http://www.mamasam.com
Blog : http://golgote.freeflux.net
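
The message above asks for a safe HTML filter that runs before Markdown and lets only a few tags such as <code> through. The sketch below is an added example, not code from the wiki under discussion or from anyone in the thread. The function name `safe_html`, the allow-list beyond `code`, and the sample inputs are assumptions.

```lua
-- Added example; not code from the wiki discussed in this thread.
-- Allow-list of tags. <code> is the one named in the thread;
-- the other entries are assumptions for illustration.
local ALLOWED = { code = true, pre = true, em = true, strong = true }

local ESCAPES = { ["&"] = "&amp;", ["<"] = "&lt;" }

-- Hypothetical helper: neutralise all markup in user input, then
-- restore only bare, attribute-less tags that are on the allow-list.
local function safe_html(input)
  -- 1. Escape & and < so that no tag from the input survives.
  --    ">" is left alone so Markdown blockquotes keep working.
  local escaped = input:gsub("[&<]", ESCAPES)
  -- 2. Restore tags of the exact form <name> or </name>. A tag that
  --    carries attributes never matches, so it stays escaped.
  local restored = escaped:gsub("&lt;(/?)(%a+)>", function(slash, name)
    name = name:lower()
    if ALLOWED[name] then
      return "<" .. slash .. name .. ">"
    end
    -- Returning nothing makes gsub keep the escaped text.
  end)
  return restored
end

-- Constructed sample inputs: an allowed tag, a script block, an allowed
-- tag carrying an event handler, plain text, and a pre-escaped tag.
local samples = {
  "<code>print('hi')</code>",
  "<script>alert(1)</script>",
  '<code onclick="evil()">x</code>',
  "a < b && c",
  "&lt;code>",
}
for _, s in ipairs(samples) do
  print(safe_html(s))
end
```

This covers raw tags only: URLs in links that Markdown generates need their own check, and Markdown escapes text inside code spans a second time, so those spans would have to be skipped or the filter applied to Markdown's output instead.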