If you want to have a look at what the code actually does to dig out flaws, here is the current version:
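sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	# Matches a bare "&" that does not start a numeric entity or "&amp;"
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	# Walk the input as alternating runs of text and <...> tags
	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			# Plain text: escape stray ampersands and ">"
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			# Tag: split into closing slash, name, attribute string, trailing slash
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				# Tags not listed in %tags are dropped
				if($tags{$name})
				{
					if($closing)
					{
						# Close every open tag up to and including the matching one
						if(grep { $_ eq $name } @stack)
						{
							my $entry;
							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						# Parse name=value attributes (single-quoted, double-quoted or bare)
						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							# Only attributes listed for this tag are kept
							my $type=$tags{$name}{args}{$arg};
							if($type)
							{
								my $passes=1;

								# $protocol_re is not defined in this snippet; it has to come from the surrounding file
								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/ }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									# Re-quote the value with whichever quote it does not contain
									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						# Empty elements are emitted self-closed and never pushed on the stack
						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	# Close anything still open at the end of the input
	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}
> Pruning set to furthest-back instead of oldest.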
I don't like this one. You just have to continually age a topic (until it hits the permasage threshold) in order for it to survive a long time. Normal users might have good reason to simply ignore it, though...
> Size limit instead of post number limit, maybe?
Sounds good.
> I was thinking of setting the default behaviour to never permasage or close threads.
I guess I don't have a strong opinion on this one. As long as the values will be customizable, I don't really care, I suppose.
Also: I just noticed that "¦" in tripcodes will work correctly but turn into "�U" through the cookie on /soc/ but not on the sandbox.
And this:
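So they say.
231: Hiroyuki ◆3SHRUNYAXA @apparently the admin ★: 04/02/05 14:13 ID:???
I've added a hammer-throw game feature.
If you write "murofusianasan" in the name field,
a record such as 【60m】 or 【75m】 will appear.
The numbers are random and range from 0 to about 100...
Have a play with it if you have time to spare.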
I found this:
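fusianasan [ふしあなさん] [noun / intransitive verb]
When posting to 2channel, entering the string "fusianasan" in the name field causes the IP address of the poster's remote host to be exposed.
It was originally a system for preventing impersonation: a fixed-handle user who has not yet obtained a cap writes something like "(fixed handle)@fusianasan" and exposes their own IP.
However, once copy-pasted posts about Ura 2chan became rampant, for a while people would carelessly expose their IP.
Lecherous people turned up one after another, and it went as far as calls to abolish fusianasan (which were, of course, rejected).
The danger from merely exposing an IP only arises when the computer in use can be uniquely identified from that IP
(e.g. an always-on connection with a global IP) and defensive measures such as a proxy server or firewall have been neglected,
so in fact there is no need to be all that nervous just because you fell for fusianasan.
...That said, there has been a case in the past where a fool who connected to 2channel from a government agency during work and tried to get into Ura 2chan was caught and exposed through their IP.
Note that on some boards the default anonymous name (the name used when the name field is left blank) is now one that contains fusianasan, such as "fusianasan-san".
Also, here and there one sees bold individuals who seem to fall for Ura 2chan on purpose in order to test how well their proxy performs.
Synonym: mokorikomo
See also: Ura 2chan, cap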
While we're on that note, can there be a config.pl option to toggle between opening file attachments in a new window or in the current window?
And maybe this: http://wakaba.c3.cx/sup/kareha.pl/1126586277/5
>>220
I meant only using the extra post for autoclose situations where the thread has exceeded the defined postcount limit in config.pl. As for the implementation, couldn't you just have Kareha use post_stuff() and (somehow) replace the timestamp with "Over XXXX Thread"?
> multi-page links (1-, 101-, 201-, etc) at the top of subpages
This is just implemented on some 0ch types. 2channel doesn't use it (at least on no board that I know of).
fusianasan + sage test
> I'd like to have the interface reduced to what is absolutely necessary
That's why there is a "More options..." link, instead of putting the controls there on every single thread everywhere.
> You mean requiring SQL software, or just making backwards-incompatible changes that would screw up old threads?
I mean, needing to alter the table that is already in the database. I don't want to try to do that any more than I have to, as it's pretty hard to get right in a database-independent manner.
> Are you only referring to flooding and spamming, or also trolls and flamewars?
Yes, only flooding and spamming. Trolling and flamewars are not a problem one should use banning to try and solve.
> Finally, out of curiosity: how much of the functionality in the .js file do you think could be properly implemented into a new or existing perl script?
Well, if you serve up dynamic pages, you can do the form-filling on the server, but that's about it. The rest is dynamic stuff.
Apparently it's not Japanese, because it's supposed to be pronounced as an English word. I have no clue, though.
>>55
I'm not complaining about the current system, just throwing around some new ideas for a change (instead of blindly following whatever new thing comes along on 2ch).
(Lots of stuff in here, click "whole post"!)
> How about listing what dmpk2k or you have done already?
Truth be told, I haven't even looked over his contributions yet. I'm doing some work on Kareha first. He did bandwidth load balancing for Wakaba across several servers, and image file archiving, at least. Plus some proxy checking and other goodies.
> Split threads and posts into separate tables. You're repeating the lasthit and parent column over and over.
Bad idea. Adds a lot of code complexity without adding any new functionality. The current solution is simple and robust.
> Automatic closing and moving of threads that do not get any activity in a certain timeframe (based on average activity frequency of the board)
This is nearly impossible to get right, and I don't think I'm going to try unless someone can think up a reliable algorithm that uses the data that is available (not much).
> Reintroduction of "Marked for deletion (old)" (it's just handy to have that)
I tried several times, and concluded it wasn't worth the code and database overhead it would take. This feature is relatively easy to implement for Futaba-style post number limited boards (and Futaba implements it really stupidly), but it gets tricky when you have different deletion modes and want to do it right.
> Prune-limit mode that is defined by number of files or size sum of files on a board
Size limit is already implemented. I might add file limit, but I'm not sure it's all that useful, when you already have the size limit.
The rest, I agree with, and I will try to get most of it done. I'm sure there's some more stuff hidden in old threads, though!
>>Well, then you are out of luck, aren't you? So you want to enter your E-Mail but cannot because then the post wouldn't bump then? Solution: Write it in the comment field, problem fixed.
There is no reason to change well-known keywords for this or even turn this into a frustratingly inconvenient tickbox/checkbox.
Having a specific trigger to trigger ID would also work.
>discussion of only one comment box, then you couldn't talk about sage/fusianasan/whatever
You could only trigger the functions in a specific format, say
:link-sage
:name-blah#faggotlol comment
I do not believe this was an actual request, but it is obviously possible and usable. Another way would be escaping keywords that you want to post.
> partition to kill secure tripcodes
Why? If you are going to get rid of secure tripcodes you should get rid of tripcodes for the same reasons. On another note, why have I seen partition instead of petition multiple times?
>So I misspelled one word once. Sue me!
My point was that it is unnecessarily obtuse, not nit-picking that you misspelled it.
>This is a widely used system. There is a very low learning curve here. sage = does not bump thread when replying, that's all there is to know. People can then figure out why it is useful on their own.
You would think there is a low learning curve, but that is not really the case. For example, on an imageboard, what effect do you have making a sage post (with no real content) with prune oldest and a permasage limit? What about prune oldest with a permasage limit that excludes sage replies?
>trigger replacements
I'm not sure what to replace sage with, if anything. Down certainly doesn't describe it (to me it implies the reverse of age, which is not the case). don't_bump or dont_bump? show_host or show_ip works for fusianasan imo... show_ID to trigger ID?
Shift-reload already! Also, most people are familiar with "More options..." links and know when and when not to click them. I might see about styling it, though.
> Thorough search functionality a-la notchan, using PATH_INFO. This might not be possible without implementing a per-post metadata system though.
I think this is not something that needs to be part of the software itself.
Besides, Google mostly provides that function just fine with site:blahblahblah.com blah
Also, what is "user deletion"?
GDLib for thumbnails: http://wakaba.c3.cx/sup/kareha.pl/1113869490/5
> Does the CSS selector -really- get in your way?
> Is having the More options thing really ruining your experience,
Yes and yes and I already stated why.
I am sure you know this but text markup takes place on a whole different level than identification/bumping issues. Your comment about pgp signatures is very funny but I will not honour it with a comment.
Noted. I've been struggling with that same problem for naming things internally in the code, and obviously it distracted me from noticing the same problem in the GUI.
The Futaba template is missing the "No File" checkbox next to the File field in the Post New Thread area.
>database redesign
You mean requiring SQL software, or just making backwards-incompatible changes that would screw up old threads?
>prevent abuse
Are you only referring to flooding and spamming, or also trolls and flamewars?
Finally, out of curiosity: how much of the functionality in the .js file do you think could be properly implemented into a new or existing perl script?
>>110
Happened to me, too, sometimes it goes black, sometimes it goes white. Screen reappears if you just scroll up a bit but it's still strange.
Also, I forgot to mention: fusianasan works now! Put it in as your name to test it!