MeFi isn't spoof-proof March 8, 2001 6:06 AM   Subscribe

Not a bug as such, but plinth's latest shows that MeFi isn't spoof-proof. Is there a way to parse comments to ensure that "layout-critical" HTML (ie the "span class" tag) won't be rendered?
posted by holgate to Bugs at 6:06 AM (7 comments total)

plinth did a very nice job, actually. Even after viewing the source it took me a while to realize what was happening, but once I knew, it became reasonably apparent that someone had faked the post. (especially considering the anchor tag is severely out of order)

I think that, for the most part, it's a harmless prank and we shouldn't worry too much about it. If it becomes an issue and someone uses it for actual evil purposes, then it can be chased down in a couple of ways - especially by looking at the actual data - and the violator can be severely beaten.

I don't think many people will use it for evil though.
posted by cCranium at 9:14 AM on March 8, 2001

oh. heh. weird. Yeah, I guess I could figure out a way to circumvent this sort of hack.
posted by mathowie (staff) at 10:22 AM on March 8, 2001

oh, who am I kidding? I'll never get around to it, because I'm just plain lazy! That reminds me, does anyone else around here like wrestling? WWF Smackdown is the best show on TV. The Rock rules! I think I'll go watch it right now.
posted by mathowie at 3:38 PM PST on March 8

I don't know, Matt. Maybe you should fix that bug before someone abuses it.
posted by waxpancake at 3:54 PM on March 8, 2001

;-j waxpancake
posted by lagado at 7:45 PM on March 8, 2001

heh, funny waxpancake.

ok, duly noted. I can search for "span class=" being in a comment and kick that shit out from ever being posted.

posted by mathowie (staff) at 8:54 PM on March 8, 2001

I love Hillary! No tax cuts for the rich! Viva Castro!
posted by aaron at 9:35 PM on March 8, 2001

posted by waxpancake at 9:54 PM on March 8, 2001

« Older Please add years to date field   |   DNS issues related to server switch Newer »

You are not logged in, either login or create an account to post comments