The Legendary Next Update (365)

242 Name:   2005-10-22 10:53 ID:Heaven [Del]

Here's a fun little game for you all!

I'm looking into adding support for using HTML markup in addition to WakabaMark, but since most boards use XHTML, I can't just let through any old HTML, and most people can't write well-formed XHTML. Also, I don't want any cross-site scripting going on. So I've tried to write a piece of code that takes any horribly written piece of HTML, sanitizes it by removing all tags and attributes that are not on an approved list, checks the attribute values, and turns it into well-formed XML.

Now I'd like to see if anyone can break this. The objective is to get some JavaScript onto the page, or make the page break in Firefox (or any other browser that parses XML strictly), or otherwise cause trouble. Have at it!

http://wakaba.c3.cx/test/sanitize.pl
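
An added example, not part of the thread and not the Wakaba code: a Python sketch of the approach >>242 describes (allow-list of tags and attributes, attribute value check, well-formed output). The allow-list, the http/https-only link rule and all names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list (tag -> permitted attributes); the thread does not give the real one.
ALLOWED = {"a": {"href"}, "b": set(), "i": set(), "em": set(),
           "strong": set(), "code": set(), "p": set(), "br": set()}
VOID = {"br"}                              # elements written as <br />
SAFE_PREFIXES = ("http://", "https://")    # assumed rule: absolute web links only

def clean_url(value):
    cleaned = "".join(c for c in value if c > " ")  # defeats "java\tscript:" tricks
    return cleaned if cleaned.lower().startswith(SAFE_PREFIXES) else None

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack = [], []  # output fragments, currently open tags

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # drop the tag itself; its text still arrives via handle_data
        kept = {}
        for name, value in attrs:
            if name not in ALLOWED[tag] or name in kept or value is None:
                continue  # unapproved, duplicate (illegal in XML) or valueless
            value = clean_url(value) if name == "href" else value
            if value is not None:
                kept[name] = value
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept.items())
        self.out.append(f"<{tag}{attr_text}{' /' if tag in VOID else ''}>")
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        while tag in self.stack:  # stray closers are ignored; inner tags close first
            top = self.stack.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text can never become markup

def sanitize(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()  # flush any buffered text
    closing = "".join(f"</{t}>" for t in reversed(parser.stack))
    return "".join(parser.out) + closing  # close whatever was left open
```

Characters that XML 1.0 forbids outright (most control characters) are not filtered here and would need a separate pass.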

328 Name: !WAHa.06x36 : 2005-10-26 19:34 ID:SjmelPTB [Del]

> What about a(n) (optional) preview page?

I've been considering that, but it's a goddamn pain to implement. It'd be pretty useful, though. Also, it could include the spell checker someone requested way back at the beginning of time.

251 Name: Anonymous 2005-10-22 13:00 ID:Heaven [Del]

>>249
<a href> opens up the possibility of using inline links, and img tags allow bandwidth leeching from other sites (plus the fact that the image itself may be unsanitary).

158 Name: Anonymous 2005-10-19 14:19 ID:Heaven [Del]

> They can modify it and claim copyright on their modifications, at least as long as they're significant enough, but that doesn't affect existing works in the public domain.

Devil's advocate: What if they make significant changes you would want to add yourself, before you do? Can they then tell you to stop if they license their work first?

65 Name: 61 2005-10-17 05:14 ID:Heaven [Del]

>>64
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeh? You are not the real >>64!!!

210 Name: Anonymous 2005-10-21 14:23 ID:Heaven [Del]

A trigger for turning WakabaMark off and one for forcing a monospace font

88 Name: Anonymous 2005-10-17 12:39 ID:Heaven [Del]

>>86

>Why should it?

Because it's one of the two requirements for creating a new thread, and it's a lot more important to have a well-defined topic than to fill in your name.

>It's more convenient if you want to start a new thread, but for those who don't it's one more form to have to scroll by.

Good point.

>Any idea why?

I dunno. I guess it's just another one of Futaba's countless layout quirks.

26 Name: Anonymous 2005-10-14 00:38 ID:Heaven [Del]

| stays |

209 Name: Anonymous 2005-10-21 14:16 ID:0dCD+kFU [Del]

More information on the all threads page, date of the last post? file size?

A quote button that puts >>n and puts the post prefixed by > in the reply box

Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)

98 Name: Anonymous 2005-10-17 14:26 ID:Heaven [Del]

Also, wouldn't making capcodes even more prevalent be considered A Bad Thing®? If anything, the role of capcodes should be minimized or altogether eradicated, in favor of ninja moderation.

Another question: would FUDGE_BLOCKQUOTES be considered deprecated by now, or are there still CSS styles out there that require it?

191 Name: Anonymous 2005-10-20 11:40 ID:Heaven [Del]

> the only boards that use them are image boards where you have to load images anyway.

Correction: http://www.akatsukimanga.com/kareha/

235 Post deleted by user.

55 Name: Anonymous 2005-10-16 10:35 ID:Heaven [Del]

>>54
I really don't understand what the problem with the current system is. You must be confused. ┐('~`;)┌

363 Post deleted by moderator.

81 Name:   2005-10-17 09:29 ID:Heaven [Del]

n is implemented, but not for >> yet.

Also, >>1 is, as it is, only added to URLs of the form xx-yy and lxx. 2ch doesn't add >>1 for single-reply URLs, and if you're using commas, I figure you can add >>1 yourself if you want it. I'm not sure if this is the best behaviour, but that's how it works at the moment.

117 Name: Anonymous 2005-10-18 04:04 ID:Heaven [Del]

>>116
Good question! I tried to find out myself but just found some interesting but rather unhelpful links:
http://d.hatena.ne.jp/keyword/fusianasan
http://info.2ch.net/guide/faq.html#G5
http://ansitu.xrea.jp/guidance/?FAQ1

46 Name: !WAHa.06x36 2005-10-14 21:01 ID:Heaven [Del]

> You mean requiring SQL software, or just making backwards-incompatible changes that would screw up old threads?

I mean, needing to alter the table that is already in the database. I don't want to try to do that any more than I have to, as it's pretty hard to get right in a database-independent manner.

> Are you only referring to flooding and spamming, or also trolls and flamewars?

Yes, only flooding and spamming. Trolling and flamewars are not a problem one should use banning to try and solve.

> Finally, out of curiosity: how much of the functionality in the .js file do you think could be properly implemented into a new or existing perl script?

Well, if you serve up dynamic pages, you can do the form-filling on the server, but that's about it. The rest is dynamic stuff.

41 Name: !WAHa.06x36 2005-10-14 15:30 ID:gBva8ggI [Del]

> metadata

Not sure, that would require a database redesign and I don't want to force people with a current install to do that. Also, it seems something like that would work better for a whole new script, properly designed around the idea.

> config.pl parameter for a generic image that takes the place of a deleted image (ie, Hello Kitty)

Ah, good, been meaning to do, forgot about.

> Fine-grained banning options that let you choose whether or not the user is blocked from reading a board, posting to a board, or both. Another parameter defines the duration of his ban ('0' for permaban), and another defines a reason/message displayed when the user tries to access a board.

None of those seem useful to me, because I'm of the opinion that bans are to prevent abuse, not to punish users.

> Replace HTML error pages with dialog box equivalents using JavaScript.

Would require a bunch of hidden-iframing and such. I'd like to do a complete re-design full of JavaScript trickery, and this idea would fit better in such a context... That is to say, I'm lazy and the current version is robust, and I'm loath to go around changing it, since it would introduce new problems.

> Kill user deletion. I can't see any case for when it'd have constructive uses.

On image boards, it has a very definite use - people do fuck up and post in the wrong thread, or create new threads. It's better if they can clean up after themselves. In Kareha, you can already disable deletion.

> Conversion to mod_perl?

As far as I know, it should work in mod_perl already, modulo some prototype bugs. I'll try to get those fixed.

> The standalone thumbnailer project is a great idea too. As a suggestion, how about adding functionality to also read and thumbnail document files like TXT, PDF, and DOC?

That would require a LOT of code, especially when you don't want external dependencies, so it's a bit iffy.

169 Name:   2005-10-19 19:04 ID:Heaven [Del]

How come this is now the by far biggest thread on this board?

Maybe it's because I'm posting useless replies like this one!

30 Name: !tFiTnDB9dg 2005-10-14 00:56 ID:Heaven [Del]

testing #`¦

305 Name: Anonymous : 2005-10-24 12:04 ID:Heaven [Del]

> You don't see the link to the WakabaMark page either?

Nope... ?

> There's just a tiny little link there to let people do this. Is this really such a huge bother to deal with? It's two words.

It's a link, it screams "Click me!". Most people don't need it most of the time, still it'll be there all of the time. How about style:none or something?

And sorry for being annoying. Strong opinions and all, no offense.

95 Name:   2005-10-17 14:09 ID:gBva8ggI [Del]

Also, I forgot to mention: fusianasan works now! Put it in as your name to test it!

365 Post deleted by moderator.

165 Name: Shii the Metal Idol 2005-10-19 18:13 ID:z/kxsMjQ [Del]

> Huh?

You know, like [email protected].

Shiichan 2000 let you enter "down" to sage and "showip" for fusianasan, but it was mainly just a curiosity and was not used. There's no one English word that does the job of the pseudo-Japanese "sage". Better to have a tick-box and explain to people why it is useful. Or an option for it.

> Then the board has to be configured to just do that (it already can).

No, 148 is referring to a user-end problem, not a server-end problem.

306 Name: !WAHa.06x36 : 2005-10-24 12:15 ID:Heaven [Del]

>>305

Shift-reload already! Also, most people are familiar with "More options..." links and know when and when not to click them. I might see about styling it, though.

103 Name: Anonymous 2005-10-17 15:05 ID:Heaven [Del]

>>101
If that is legit, then fusianasan needs to display IPs just like tripcodes: not bold/strong.

267 Name: !WAHa.06x36 : 2005-10-23 14:53 ID:Heaven [Del]

>>266

I told you to shift-reload!

351 Name: dmpk2k!hinhT6kz2E : 2005-10-28 04:55 ID:Heaven [Del]

I think you're a bit nutty, >>350...

85 Name: Anonymous 2005-10-17 12:26 ID:1l2MEdqn [Del]

I'll sign that partition for a separate admin script and XHTML interface (one that includes the banning, board nuking, and spamlist-changing functions in Wakaba).

How about adding flexibility to the DELETE_FIRST option in config.pl, using booleans to define when to keep or remove a thread (including AND/OR/NOT arguments)?

Also, options for both automated permasaging and pruning by postcount, creation date/time, and board position (all configurable in config.pl of course).

Some other layout points:

  • The Title field should go above the Name and Link fields in 2ch mode.
  • 2ch's "new thread" post box is at the bottom of the main page. From every practical standpoint, the current solution in Kareha is a lot more convenient, but you may want to go over that just in case.
  • Futaba now uses "..." instead of ">>>" to prefix reply blocks.

61 Name: Anonymous 2005-10-17 02:10 ID:Heaven [Del]

>>58
Fuck you for giving me <blink>

This thread has been closed. You cannot post in this thread any longer.