- Thanks. I agree.
- Tables were my first choice. Very large images or strings of text stretch the width of the table beyond the right edge of the screen. I originally had the whole thread in one table, but the first large image or long URL destroyed the right margin. I then put each reply in a table to localize the screw-up, but it was still a screw-up. I discovered that BLOCKQUOTE does the right thing with the margin, it allows an image outside of it's right margin but contains what it can.
- I prohibit style because I haven't yet written a style filter to block the positioning bomb. I also want to filter style because I don't know when in the future some browser will stuff executable code in style sheets. My focus is to disallow executable code. (JavaScript etc.)
- Didn't realize browsers could choose their own style sheets. Hrm.
- I agree, hijacking EM was a bad idea. It was the closest tag I could find for highlighting. I reversed it, will add a class to replace the missing functionality of background-color.
From a security stand-point, I may not know
when a user is using HTML in an
unsecure fashion. In particular, I refer to JavaScript and the security of your identity cookie. If that cookie is hijacked, someone can become you. The destruction would be limited if a normal user's account was hijacked, but Jim and myself have a great deal of access to the system. It would be a bad idea if someone got our cookies.
I filter HTML because the next version of the forum software will be more sensative to ill-formated HTML. Replies may be displayed out of order, and a follow-up close tag may not be shown at all.
I don't believe there is another forum on the Internet where posters have as much freedom of expression as here on Free Republic. I think I'm doing a very good job of balancing freedom of expression and system security. The later of which had been horribly lax for too, too long.
>I don't believe there is another forum on the Internet
>where posters have as much freedom of expression as here
>on Free Republic.
There is not, to my knowledge, either.
>I think I'm doing a very good job of balancing freedom of
>expression and system security.
You are.
Thanks.
I am just a stickler for the rules, that's all. Using an element of structure--BLOCKQUOTE--to impose an element of style--paragraph widths--runs counter to the vision of the W3C. Unfortunately, due to the ignorance/stupidity/laziness of browser vendors in regards to comprehensively implementing the W3C's standards, we are forced into using workarounds to ensure compatibility--like using tables for layout. I posted my template here, in case anyone should find it useful.
I retract my earlier assessment of server side personal style sheets--it is a Very Good Idea, as it is an enhancement of personal freedom.