I dare you…
Thursday, 25 November 2004
…to make a mess of the comments of this entry. I’m working on a new plugin for Nucleus, called HTML Comments. It allows visitors to post comments in HTML, without (hopefully) allowing users to post malicious mark-up. If the plugin functions as I hope it does, every comment will still validate properly as XHTML. The code is based on lib-scrub and will be released under the GPL once I work out some of the bugs. So I dare you to try it out and post the most screwy HTML constructs you can find as I will monitor the performance of the new plugin.
Allowed tags are:
strong, b, em, i, del, strike, s, sup, sub, tt, kbd, code, pre, br, p, a, img
The plugin works in three modes:
- Plain text mode: If the text contains no tags, it will let Nucleus use its own filtering algorithm.
- HTML styling: If the poster does not specify any linebreaks or paragraphs it will try to build those from the hard line breaks present in the text. So you could post just like you are used to, except use tags like <b> or <em> for styling your post.
- Full HTML: If the poster does specify linebreaks or paragraphs the plugin will ignore any hard line breaks and base the presentation solely on the HTML code present in the post.
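The tag allowlist and the three-mode selection described above, written out in Python as an added illustration; this is not the plugin's or lib-scrub's code. The attribute allowlist, the http/https-only URL rule and the names `Scrubber`, `pick_mode` and `scrub` are assumptions, and the code enforces balanced nesting only, not validity against an XHTML DTD.

```python
import html
import re
from html.parser import HTMLParser

# ALLOWED is the post's tag list. ATTRS is an assumption: the post names no attributes or URL schemes.
ALLOWED = set("strong b em i del strike s sup sub tt kbd code pre br p a img".split())
VOID = {"br", "img"}
ATTRS = {"a": {"href"}, "img": {"src", "alt"}}

class Scrubber(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # tag dropped; its text content still arrives via handle_data
        attr_s = "".join(
            f' {k}="{html.escape(v.strip(), quote=True)}"' for k, v in dict(attrs).items()
            if k in ATTRS.get(tag, ()) and v and (k == "alt" or re.match(r"https?://", v.strip(), re.I)))
        if tag not in VOID:
            self.stack.append(tag)
        self.out.append(f"<{tag}{attr_s}{' /' if tag in VOID else ''}>")

    def handle_endtag(self, tag):
        while tag in self.stack:  # stray closers never enter the loop
            self.out.append(f"</{self.stack[-1]}>")  # inner tags are closed first
            if self.stack.pop() == tag:
                break

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def pick_mode(text):
    if not re.search(r"<[a-zA-Z/!]", text):
        return "plain"
    return "full" if re.search(r"<(br|p)\b", text, re.I) else "styling"

def scrub(text):
    mode, text = pick_mode(text), text.replace("\r\n", "\n").strip()
    if mode == "plain":
        return mode, html.escape(text, quote=False)  # stand-in for Nucleus's own filter
    if mode == "full":
        text = re.sub(r"\s*\n\s*", " ", text)  # hard line breaks are ignored
    else:  # styling: blank line -> new paragraph, single newline -> <br />
        text = "<p>" + re.sub(r"\n{2,}", "</p><p>", text).replace("\n", "<br />") + "</p>"
    s = Scrubber()
    s.feed(text)
    s.close()
    return mode, "".join(s.out) + "".join(f"</{t}>" for t in reversed(s.stack))
```

Because the output is re-serialized from parser events rather than edited in place, a tag or attribute that is not on an allowlist has no path into the result, and anything left open is closed at the end.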
Check if the page is still valid XHTML with the W3C Validator
Update: I’m making quite a bit of progress with Lib-Scrub, the library on which this plugin is based. I’ve rewritten large parts of it since the last public release. Improvements include checking the document against a DTD, which will ensure that attributes or tags that are not allowed will not end up in the output. Next thing to do… checking if required attributes are present…