1 2014-04-14T09:11:49 *** greg_f
2 2014-04-14T12:44:22 *** dave_largo
3 2014-04-14T13:04:42 *** Guest8738
4 2014-04-14T13:38:04 *** derdon
5 2014-04-14T13:39:34 *** xiaq
6 2014-04-14T13:39:58 *** xiaq
7 2014-04-14T14:00:08 *** RogerHaase
8 2014-04-14T16:19:54 <RogerHaase> ThomasWaldmann: fix #7 and broken bits of transclusions in moinwiki, rest, and markdown parsers https://codereview.appspot.com/85920045/
9 2014-04-14T17:21:52 *** skathpalia
10 2014-04-14T17:26:52 *** skathpalia
11 2014-04-14T17:40:59 * ThomasWaldmann looks
12 2014-04-14T17:42:44 <ThomasWaldmann> RogerHaase: style attributes are dangerous
13 2014-04-14T17:43:29 <ThomasWaldmann> and class attrs are not flexible, you can only use stuff that's already somewhere in the css
14 2014-04-14T17:46:37 *** greg_f
15 2014-04-14T17:49:05 <RogerHaase> ThomasWaldmann: is there a wy to make style attr not dangerous? else we have to create css classes. Align is not an html5 option: http://www.w3schools.com/tags/tag_img.asp
16 2014-04-14T17:49:46 <ThomasWaldmann> RogerHaase: no, way too many possibilities to sneak in js code and do xss or other attacks
17 2014-04-14T17:50:27 <ThomasWaldmann> so we can't take stuff from user and put it into style attr
18 2014-04-14T17:50:57 <ThomasWaldmann> so it is either class or style just generated from US (not user)
19 2014-04-14T17:51:50 * ThomasWaldmann noticed that some time ago when just wanting to implement a "harmless" span macro to style stuff
20 2014-04-14T17:52:11 <RogerHaase> ok, will try again with just using css classes
21 2014-04-14T19:19:06 *** skathpalia
22 2014-04-14T20:20:12 <RogerHaase> ThomasWaldmann: is the alt text or class somehow less troublesome than style?
23 2014-04-14T20:44:24 *** skathpalia
24 2014-04-14T21:03:05 *** dave_largo
25 2014-04-14T22:14:15 *** RogerHaase
26 2014-04-14T23:14:58 *** derdon
27
MoinMoin: MoinMoinChat/Logs/moin-dev/2014-04-14 (last edited 2014-04-14 09:15:02 by IrcLogImporter)