Userscripts.org has no class
Posted by Jesse Andrews on Aug 26, 2008
Users have been abusing the class attribute in comments/descriptions/other fields. It has gotten rather bad, so I've had to disable it :(
Sorry to those of you who were using the class attribute in useful ways, but the abuse has warranted this sudden change.
I think the class attribute should probably be legal in script descriptions, but limited to a preset?
Also commenters are using images in very aggressive ways, I think I'm going to kill that soon by making it so images in comments are not displayed until a user asks for them to be.
You could comment on this post if you were logged in.
login to vote
Are you using whitelist-based or blacklist-based HTML sanitizing? I'd caution against the latter, if that's what you're doing.
login to vote
I'm using whitelist - currently I'm allowing:
tags:strong em b i p code pre tt output samp kbd var sub sup dfn cite big small address hr br div span h1 h2 h3 h4 h5 h6 ul ol li dt dd abbr acronym a img blockquote del ins fieldset legend
attributes: href src width height alt cite datetime title dir
Although there is strict requiremenst for src/href (must be http/https/other valid protocols)
login to vote
It's to bad it is used badly.
dtandddshould be surrounded?bydl, which isn't supported here.login to vote
Whilst I am quite ignorant on such matters (not got that far with style sheets and tags etc yet!) I am not ignorant on people abusing stuff, is there no way you could set up comment/descriptions/other fields moderation?
I realize that this would mean extra time and stuff but it might me worth it in the long run. This is a great place and some people (like myself) who are learning - learn from places like these, so it's a shame for those not abusing it.
It's just an idea or a thought, anyway keep up the good work
login to vote
jerone,
That is an oversight, I'll add it in to the next deploy :)
MissGreen,
The idea is to work towards moderation, unfortunately the class attributes they were using was causing the entire page to be overtaken. They were using the "editbox" css (which is displayed above all the other content on the page). It is what happens when you click "add comment"
login to vote
yesterday i was trying to put a PNG image in a script detail, but still no success, is that related?
login to vote
lazyttrick,
it was, I was a little over-aggressive and disabled all attributes for 30 minutes before realizing what I had done.
I updated your script - http://userscripts.org/scripts/show/32579 - to show the png. Basically I clicked "edit metadata" then clicked save.
login to vote
thanks :-) I hope you guys get rid of the problem
login to vote
How about adding the
centertag to the whitelist. It's deprecated, but it can be useful to center elements in the script description as CSS styles aren't allowedlogin to vote
would be nice to allow some<> css classes for styling purposes
login to vote
Somebody spammed the shit out of the forums :(
Just complaining...
login to vote
btw why don't you allow span with a style attribute?
login to vote
thankssssssssssssssssssssssssssss
login to vote
thanks very match
login to vote
I have no idea how any of this works, but just tried the userscript for facebook (setting it back to older version) and it does not work, anyone any ideas
login to vote
Jesse,
Would you mind whitelisting the < s t y l e > tag in script-page metadata?
I was using it respectfully on my page [http://userscripts.org/scripts/show/12917] as an example of what they would get with my script.
Thanks for checking it out! I appreciate your help.
Best regards, GD