Here's a fun little game for you all!

I'm looking into adding support for using HTML markup in addition to WakabaMark, but since most boards use XHTML, I can't just let through any old HTML, and most people can't write well-formed XHTML. Also, I don't want any cross-site scripting going on. So I've tried to write a piece of code that takes any horribly written piece of HTML, sanitizes it by removing all tags and attributes that are not an approved list, checks the attribute values, and turns it into well-formed XML.

Now I'd like to see if anyone can break this. The objective is to get some Javascript onto the page, or making the page break in Firefox (or any other browser that parses XML strictly), or otherwise causing trouble. Have at it!

http://wakaba.c3.cx/test/sanitize.pl

http://wakaba.c3.cx/sup/kareha.pl/1099697376/101-101
(First "Next 100" link) does not include >>1 in that thread

There's also some weird bug where the entire browser windowd content goes black, dunno what that is about...

> but when I hit refresh I get the same order.

Browser cache. Try shift-refresh.

It doesn't take a specific range, just >>r30 for 30 random posts.

Oh, and "AA mode" should be changed to "Text art mode" so we won't be incessantly quibbling about the difference between ASCII and SJIS art.

>>251

Again, the list of tags allowed on that page don't correspond to what would be allowed in Kareha. Of course <img> tags wouldn't be allowed, for instance. This is just for testing the actual cleanup engine.

> Why not make None or Text Art the default?

Because >>309. I don't want to implement half of WakabaMark for the None mode, and without it you don't get stuff like quote highlighting.

> Also, can you make >> links into anchors('#') when you're on the reply/entire thread page, especially in Wakaba?

Er, that is exactly how Wakaba works right now? And Kareha can't change the contents of posts dynamically, so it'll never do it.

Why would there be any use in writing actual HTML in posts? Seems to me like it's just inviting abuse.

> people like admins might prefer to use them

but they have capcodes now...

>>180

The one with encoded Javascript that makes you post with fusianasan is cute.

I found this:

fusianasan【ふしあなさん】［名・自ｽﾙ］
２ちゃんねるに書き込みする際に名前欄に「fusianasan」の文字列を入力すると、その書き込みをした人のリモートホストのＩＰアドレスがさらされるようになっている。
本来は「（固定ハンドル)@fusianasan」などとして、まだキャップを取得していない固定ハンドルが自らＩＰをさらすことで騙りを防ぐためのシステムである。
が、裏２ちゃん関係のコピペが横行するに至って、一時期うっかりＩＰをさらしてしまう。
エロな人間が続出し、fusianasan廃止要望まで唱えられるに至った(当然却下されたが)。
ＩＰをさらすことだけによる危険は、そのＩＰから手元で使用中のコンピュータを一意に特定でき
（ex：グローバルＩＰによる常時接続）、かつプロキシ・サーバー、ファイヤーウォールなどの防御策を怠っている場合にしか及ばないので、
fusianasanに引っかかったからといって実はそこまで神経質になることもなかったりする。
……過去にＩＰから仕事中に政府機関から２ちゃんねるにつないで裏２ちゃんに入ろうとしていた愚か者が釣れてさらされたという事例はあるが。
なお、現在では一部の板でデフォルトの名無しさん（名前欄未記入時の名前）が「fusianasanさん」などfusianasanを含む名前となっている場合がある。
また、串の性能を試すために敢えて裏２ちゃんに引っかかっていると思われる強者もちらほら見受けられる。

類義語：mokorikomo
参照：裏２ちゃん、キャップ

What does Thorn have to do with Kareha? Thorn's counterpart is Wakaba.

Anyway, the version of Shiichan on world4ch is bust. It's not a case of feature versus feature here, Shiichan simply doesn't work. It's not worth comparing until it doesn't break regularly.

If Shii were still working on it might be different, but Shiichan is effectively a dead project which incidentally has a closed and broken version working on world4ch.

How about appending an estimated (at the time of thread creation) time of pruning to the first post's header, if pruning-by-age is enabled?

> Why?

I am not the user who initiated this parition but I find them to be triggered far too often.

> On another note, why have I seen partition instead of petition multiple times?

An old imageboard meme. Don't ask!

I hate that blue link next to the reply box! It looks ugly!

Also, there's no "Less options..."

Can't this be somewhere else but the post form?

Random post: The test thread could use some linking in the notes at the bottom (what's the common nomenclature for that one?).

> some other trickery

I smell JavaScript coming in about >>90-120

> Did you ditch customizable capcodes?

No, I removed the dumbass capcode I put in as a demonstration, because I don't like capcodes.

> Using "◆" as the default tripkey character.

I dunno, I always thought that was a kind of big and annoying symbol. Especially when it's so close visually to the question-mark-in-diamond marker some fonts use for characters they don't support.

> How about placing the Formatting menu to the left or right of the "File: " field? I'd also like to see WakabaMark changed to its real name (Markdown).

The File field is almost never there. Also, WakabaMark is similar to, but not the same as Markdown. There are significant differences that make them incompatible (since Markdown is designed to be used when you know you're using it, but WakabaMark tries as best as it can to not do unexpected things if you don't know about it). I might add optional support for real Markdown at some point.

> In Pseud0ch, post numbers should be the same size/format as the rest of the header text

I tried, and it looked much worse than the current solution. Besides, post numbers in Kareha and 0ch aren't the same, since they're clickable here.

> PS. What's "Raw HTML"?

Pretty useless. I'll probably remove it. It's HTML input without turning newlines into <br/>.

> Oh, and "AA mode" should be changed to "Text art mode"

Maybe just "Text art"... hmm.

>>183

No, that's just plain wrong. It is very much the job of the programmer to decide on such issues, and make sure they work consistently across boards.

>>196
Actually, a solution to >> links with static pages is to simply make them reference a certain point on a certain page number for that thread (ie, http://wakaba.c3.cx/sup/1129153864/index2.html#197).

> The Title field should go above the Name and Link fields in 2ch mode.

Why should it?

> From every practical standpoint, the current solution in Kareha is a lot more convenient

It's more convenient if you want to start a new thread, but for those who don't it's one more form to have to scroll by.

> Futaba now uses "..." instead of ">>>" to prefix repy blocks.

Any idea why?

Kareha:

• Conforming of navigation to 0ch standards for conveniency, efficiency, etc., i.e.
• Navigation links also at the bottom of the thread pages
• "First 100" to be replaced with "Next 100" (and "Previous 100") in thread pages
• First post always showing up, even for later quoted ranges. Currently, you can supress this on 0ch by identing "n" before the post range.
• Default l50 links in all lists

• Automated archiving, i.e.
• Automatic thread closing at a configured number of replies and/or thread size (recommended default values: 1000 posts or 512KB)
• Automatic closing and moving of threads that do not get any activity in a certain timeframe (based on average activity frequency of the board)

• Bonus features (not really important):
• Fusianasan (reveal hostname by entering fusianasan or [string] into Name field)
• Customizable Capcodes (please more than just "Admin", perhaps fancy colours)

> but when I hit refresh I get the same order.

Browser cache. Try shift-refresh.

It doesn't take a specific range, just >>r30 for 30 random posts.

>>110
Happened to me, too, sometimes it goes black, sometimes it goes white. Screen reappears if you just scroll up a bit but it's still strange.

>>137
I'd advocate going for a separate interface a-la Wakaba, but it might be a bit too much to do for this release.

Also, maybe Easter Eggs like the Eternal September timestamp and others (if they exist) should be documented in config.pl.

Lastly, a question: who here finds enough use in the auto-expanding comment box to justify the annoyances when you click in or out of it?

At least i got 350

> The "entire thread" link can easily be changes to link to the files in /res/ instead of going through the script, but that would make it somewhat less convenient when you want to consturct custom URLs, so I haven't done it.

A better solution would be to use mod_rewrite to rewrite all /kareha.pl/$number/ links to /res/$number.html
It schould be a lot faster then running the script and the links stay the same.

All right, new version installed. This one has a bunch of layout changes, and some big changes in the CSS, so you'll need to make sure the CSS is loaded by shift-reloading. Also, fixing all the CSS files was a huge pain in the ass. Have a look around to see if there are any obvious mistakes, but be gentle, because this has given me a headache.

Also, I couldn't be arsed to fix Amber, since it was just a joke in the first place.