Loading Profile...
Writing non css in the css
Hej!
If inserted in my css (clicked on edit CSS) the following string "<style>", i wanted to see if you escape or remove it. but it got saved.
1) i think you should remove every tag like string
2) maybe you can also use a css-validator on the server-side and deny saving when it is invalid css.
3) could you please remove this from my css (bastilian.soup.io)
</style>
If inserted in my css (clicked on edit CSS) the following string "<style>", i wanted to see if you escape or remove it. but it got saved.
1) i think you should remove every tag like string
2) maybe you can also use a css-validator on the server-side and deny saving when it is invalid css.
3) could you please remove this from my css (bastilian.soup.io)
</style>
1 person has this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
-
Inappropriate?Haha, trying to inject a little script, eh? I've removed it for you.
Thanks for the suggestions! We should definitely at least escape the output to prevent breaking the admin panel. -
Inappropriate?thanks for removing.
it wouldn't have worked anyway, cause it is in an external file i should have looked at the page source first. :)
btw: i really like soup. i had an very similar idea. an opensource tumbleblog engine with flickr, last.fm... integration and without auto-gathering the data.
you did a great job. and the humanized reader like scrolling is great to. i think it would be even nicer if you hide posts out of the viewport and insert posts at the bottom and not get a bunch of post, but get one or two posts frequently as JSON-data.
I’m thankful
EMPLOYEE