Loading Profile...
EMPLOYEE
Is HTML allowed in topic posts and replies? And if so, what's allowed?
6 people have this question
I have this question, too!
Tell me when someone answers.
The more people who ask this question, the more it gets noticed.
The more people who ask this question, the more it gets noticed.
The best answer from the company
-
Yes. Some HTML is allowed. We plan to add some WYSIWYG tools to make styling and embedding easier but in the meantime, you can hand-code the following HTML into your topic posts and replies.
Here's the white list:
TAGS: (a b i p u ul ol li br em strong blockquote strike embed object param img)
ATTRIBUTES: (ref src width height alt title name value type wmode target class flashvars rel)
PROTOCOLS: (ftp http https mailto webcal feed)
If you're not really familiar with HTML and aren't sure what HTML tags to use for what, here's a great resource.
If you notice any of these tags NOT displaying properly please let us know.
I’m HTML happy
The company and 6 other people say
this answers the question
-
Inappropriate?Yes. Some HTML is allowed. We plan to add some WYSIWYG tools to make styling and embedding easier but in the meantime, you can hand-code the following HTML into your topic posts and replies.
Here's the white list:
TAGS: (a b i p u ul ol li br em strong blockquote strike embed object param img)
ATTRIBUTES: (ref src width height alt title name value type wmode target class flashvars rel)
PROTOCOLS: (ftp http https mailto webcal feed)
If you're not really familiar with HTML and aren't sure what HTML tags to use for what, here's a great resource.
If you notice any of these tags NOT displaying properly please let us know.
I’m HTML happy
The company and 6 other people say
this answers the question
-
Inappropriate?actually, that one could be a security hole, I dont think we whitelist the emotion text.
I’m fixin that shortly
-
Inappropriate?With all those HTML tags allowed (I wouldn't allow "object" to be posted on my website, for instance. not that I allow any other tag except for pre anyway), why is <pre> not allowed?
Come to think about it, I didn't even try and see if it's allowed or not, but the first post in this topic says it's not, so let's see here if it works:
Being able to enter some code here would be nice
P.S. If this works, you can totally delete this post =)
P.P.S. It didn't. -
Inappropriate?Can Berk Guder,
The object tag is so important to allow that because we want people to embed youtube videos directly from the code that youtube provides you. At present, we don't do any deep analysis of the content of an object tag (for example, only allowing 'blessed' embeds), but that option is available in the future if needed.
My opinion, though, is in that case prior restraint is *way* too much, and punishment of the abuser is more appropriate.
As for the pre-tag, the only reason we don't support it at present is becasue we haven't styled it properly to place nice in the content area provided. Ted is a really busy man right now, and I'll queue the work up with him, but it may be a little bit before support is enabled. -
Inappropriate?I'm not suggesting you disallow the object tag, I'm only saying that pre is not supported, when even object is =)
Anyway, I think even a simple "font-family: Consolas, Courier, monospace" would suffice for now, it doesn't have to be fancy. =) -
-
Inappropriate?Yeah, that's a handy one. I'll run it by the dev team. Thanks for the suggestion, Dave!
-
Inappropriate?Will do!
-
-
Inappropriate?If anyone has requests to add to our list of allowed HTML tags please let us know.
Tags we currently allow:
a b i p u ul ol li br em strong s strike blockquote embed object param img
I’m curious
-
Inappropriate?What tag should I use if I'd like to paste xhtml/javascript code into a reply?
I’m hopeful there's one I can use
-
Inappropriate?You can use regular html structure (for the tags above) at the moment. What kind of javascript did you want to use?
-
Inappropriate?I had wanted to post the xhtml/javascript for a Twitter badge. Ended up creating a page on the Twitter Fan Wiki that contains the script as a workaround in the meantime. 8-)
You can see the actual script on this page.
I’m happy to get a reply
-
Inappropriate?Yes, I also want to post raw HTML without it being acted on by GetSatisfaction. How can I do this? -
Inappropriate?At present, there is no way to post HTML and have it not be stripped and cleaned by satisfaction. Allowing people to post html freely would be a security hole and irresponsible on our part.
Allowing unfettered html to be posted would mean that you could post code to break the layout of the page, ruining the experience for others. That doesn't even get into the realm of embedding your own javascripts.
Given access to post javascripts in a page, someone could do all sorts of bad things: starting with ruining the site experience for others and ending with stealing private data from our users.
The way to secure javascript is to use something like google's caja: http://code.google.com/p/google-caja/, but at present i'm unaware of an actual implementation of the specs and the resources spent on satisafaction's part to implement the spec ourselves would be very large. Honestly, I wouldn't count on this capability being offered on the site anytime soon, barring an open source implementation we could use, or overwhelming community demand.
Thanks for your feedback though!
-
Inappropriate?I *am* curious what the particular case you have in mind, Clif. What exactly do you want to do?
-
Inappropriate?I think I didn't explain well. I want to show HTML code examples. I think someone mentioned you don't support the PRE tag?
-
EMPLOYEE
EMPLOYEE
EMPLOYEE