HREFs in Sputnik

Dado Sutter

Hello Guys,
   I'm trying to enhance a bit the look of our Download Binaries Page at
http://www.eluaproject.net/en/Binaries
   The idea is to replace the single list of binary file names (that is
still there) by a table with some more info, like the one that I began to
include there.
   Being a complete HTML analphabet, I asked for some help to include the
HREF tags in the table but for some reason, the last column is not showing
them as "normal" URL links (blue and underlined).
   Could anybody check to see what is wrong with my HREF table entries ?
   Do we need to use it differently in Sputnik ?
   I'd also appreciate a table content revision and/or info suggestions to
include in the table.

Thanksssssss
Dado

Yuri Takhteyev

The short answer is: use "href" instead of "HREF". I changed it on the
page and it works now.

The long answer:

Sputnik uses an XSS filter module to protect your visitors from XSS
(cross-site scripting). For this reason, it does not allow you to put
arbitrary HTML into the pages. The rationale is the following: it's
one thing if someone comes and loads your wiki with spam - you can
always clean it up later. However, it's another thing if someone will
edit your pages in such a way as to install viruses on your visitors'
computers. This wouldn't be fun. So, all HTML gets filtered by
default.

Our approach to filtering is white-listing. That is, instead of trying
to catch every possible kind of "bad" HTML, we simply filter out
everything that isn't good HTML. Good HTML means:

1. It must be well-formed XHTML (this means the tags must be balanced
among other things).
2. It can only use "safe" tags with "safe" attributes.  E.g., you
cannot put <script> into the page.
3. Values for some of the attributes must fit into certain patterns.
In particular, href must start with "http://", "https://", "ftp://",
"/" or "#".

XHTML is supposed to only use lowercase tags and attribute names. So,
it should be "href" rather than "HREF".

 - yuri

--
http://sputnik.freewisdom.org/
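
The three rules in the reply above, as an added example that is not part of the original thread and is not Sputnik's own filter code (this sketch is Python). The `ALLOWED` table, the function names and the sample inputs are assumptions for illustration; it shows why an uppercase `HREF` is silently dropped by a case-sensitive allow-list while the link text survives.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Assumed allow-list, for illustration only: tag -> permitted attributes.
ALLOWED = {"a": {"href"}, "table": set(), "tr": set(), "td": set(),
           "p": set(), "b": set(), "i": set()}
# Rule 3: href values must begin with one of the prefixes from the message.
HREF_PREFIX = re.compile(r"(?:https?://|ftp://|/|#)")

def _emit(el, out):
    # Serialize el if allow-listed; otherwise drop it and its whole subtree.
    allowed = ALLOWED.get(el.tag)          # case-sensitive: "A" is not "a"
    if allowed is not None:
        attrs = []
        for name, value in el.attrib.items():
            if name not in allowed:        # "HREF", "onclick", ... are dropped
                continue
            if name == "href" and not HREF_PREFIX.match(value):
                continue                   # scheme not in the permitted list
            attrs.append(f" {name}={quoteattr(value)}")
        out.append(f"<{el.tag}{''.join(attrs)}>")
        out.append(escape(el.text or ""))
        for child in el:
            _emit(child, out)
        out.append(f"</{el.tag}>")
    out.append(escape(el.tail or ""))      # text after the element is kept

def filter_fragment(fragment):
    """Return the allow-listed form of an XHTML fragment."""
    try:
        # Rule 1: the fragment must parse as well-formed XML.
        root = ET.fromstring(f"<root>{fragment}</root>")
    except ET.ParseError:
        return escape(fragment)            # not well-formed: render as text
    out = [escape(root.text or "")]
    for child in root:
        _emit(child, out)
    return "".join(out)

# Constructed sample inputs (not taken from the wiki page).
SAMPLES = [
    '<td><a HREF="http://www.eluaproject.net/en/Binaries">bin</a></td>',
    '<td><a href="http://www.eluaproject.net/en/Binaries">bin</a></td>',
    '<p>hi<script>alert(1)</script> there</p>',
    '<b>unbalanced',
]
if __name__ == "__main__":
    print(*map(filter_fragment, SAMPLES), sep="\n")
```
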

Dado Sutter-2

Thank you for the short, long and quick answer Yuri !!!

Greetingsssssss
Dado


