Reduced Comments - thursday 2005-07-21 0604 last modified 2005-07-21 0610
Categories: ryanlee.org

After an incident with some nitwit posting a redirecting Flash movie to his lame ad site in my comments, I've substantially reduced the number of valid tags allowed in comments, and I'm barring certain protocols in links and certain attributes on tags.

That was a longstanding issue finally resolved. And it was actually a good thing that I stayed up this late. Now to see if I can get him unhosted.

The code:

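    # $string holds the submitted comment text
    set safe_tags "a|p|b|i|u|strong|em|strike|abbr|acronym|blockquote|code"
    # style, plus any event-handler attribute (onclick, onload, ...)
    set unsafe_attrs {style|on[a-z]+}
    set unsafe_protocols "mailto|javascript"
    # every opening tag; only a leading "/" (a closing tag) is excluded,
    # so tags whose attributes contain "/" (URLs) are still counted
    set tags_count [regexp -nocase -all {<[^>/][^>]*>} $string]
    # opening tags whose name is on the safe list
    set safe_count [regexp -nocase -all "<($safe_tags)( \[^*>\]*>|/>|>)" $string]
    # links whose href starts with a barred protocol
    set proto_count [regexp -nocase -all "<a \[^>\]*href=(\"|\'|)($unsafe_protocols):" $string]
    # barred attributes, preceded by any whitespace (space, tab, newline)
    set attr_count [regexp -nocase -all "<\[^>\]*\[\[:space:\]\]($unsafe_attrs)\[\[:space:\]\]*=\[^>\]*>" $string]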

    if { $tags_count != $safe_count } {
        # warn
    }

    if { $proto_count > 0 } {
        # warn
    }

    if { $attr_count > 0 } {
        # warn
    }

If anything looks suspect to the nerds out there, please...leave a safe comment.
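
The same policy (safe tags, barred attributes, barred link protocols) applied to parsed tags rather than regex counts, as an added example that is not the code running on this site. It swaps in Python's `html.parser` for the Tcl regexps; `CommentChecker` and `check_comment` are names made up here, and the sample comments are constructed.

```python
from html.parser import HTMLParser

# Policy values copied from the post's Tcl snippet.
SAFE_TAGS = {"a", "p", "b", "i", "u", "strong", "em", "strike",
             "abbr", "acronym", "blockquote", "code"}
UNSAFE_PROTOCOLS = {"mailto", "javascript"}


class CommentChecker(HTMLParser):
    """Records policy violations found in opening tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.violations = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names and decodes
        # character references in attribute values before calling this.
        if tag not in SAFE_TAGS:
            self.violations.append(("tag", tag))
        for name, value in attrs:
            # "style" or any event handler (onclick, onload, ...)
            if name == "style" or name.startswith("on"):
                self.violations.append(("attr", name))
            if tag == "a" and name == "href" and value:
                # Remove whitespace and control characters before reading
                # the scheme, so a scheme split by a tab is not missed.
                url = "".join(c for c in value if c > " ").lower()
                scheme, colon, _ = url.partition(":")
                if colon and scheme in UNSAFE_PROTOCOLS:
                    self.violations.append(("protocol", scheme))


def check_comment(text):
    """Return a list of (kind, name) violations; empty means accept."""
    checker = CommentChecker()
    checker.feed(text)
    checker.close()
    return checker.violations


if __name__ == "__main__":
    # Constructed sample comments, not taken from the post.
    for sample in ['<p><a href="http://example.org/a/b">link</a></p>',
                   '<a href="http://example.org/"\nONCLICK="x()">hi</a>',
                   '<embed src="movie.swf">',
                   '<a href="JavaScript:x()">hi</a>']:
        print(check_comment(sample) or "ok", "<-", repr(sample))
```

Because the parser has already split the tag into names and values, attribute order, letter case and the whitespace between attributes no longer affect the result.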

Comments

hi ryan! hehe funny post. you're like the batman of the internet :)

lisa hsu on July 21, 2005 12:52 PM

(looks down at his cape) - You have no idea...

Ryan Lee on July 21, 2005 03:23 PM
