No delete button for comments #44
Comments
|
Yeah, and an edit button. I'm not too familiar with that subsystem. It also needs a decent limited markdown, like reddit comments. |
|
Yeah, are you sanitizing your inputs and such to avoid injections? |
|
Sanitizing the output mostly. It's part of the django templating system. I'm very careful if I'm ever pushing raw html to be included inline in a template. Like the readme files. There's been at least two separated users created to try and run XSS attacks. There's no point where we're dealing with "raw" input, it's all python unicode being used with an sqlalchemy style api, so there's not risk there. |
|
Alrighty. Definitely take a look and see how hard it would be to implement markdown in the comments and readme.md. |
|
It's already in readme.md, just not the comments |
|
Looks like it wouldn't be too hard. But prioritization. I'm going to work on getting the CDN properly sorted out, and on the multiuploader page. |
|
Fucking full time employment and it's time usage. |
I wrote some test comments in the Lulzbot Begonia page and now I can't delete them. perhaps that's something we need.
The text was updated successfully, but these errors were encountered: