Can't edit to previous text?
-
So I just wrote a simple post in the 'Hooray for security' thread:
That's some embarrassing voice acting...
Naturally, I had to edit it as I had second thoughts about the ellipsis:
That's some embarrassing voice acting.
Naturally, by the time I finished, someone quote-replied to the original version of the post already, plus I had third thoughts about the ellipsis debacle, so I decided to edit it back to:
That's some embarrassing voice acting...
But then discourse helpfully pointed out that:
Body is too similar to what you recently posted
Huh? Is it trying to prevent me from spam-posting the same message without realizing I'm actually editing that very message?
Bad discourse.
-
It's too smartdumb for its own good.
-
-
Or just add some profanity directed at Discourse.
Filed under: Roughly the same thing, right?, Also, I guess I can stop doing #tag for these
-
-
@created_just_to_disl said:
> Is it trying to prevent me from spam-posting the same message without realizing I'm actually editing that very message?
This. I know I've written about this before, fairly recently, but it doesn't seem to have been an actual bug report.
-
-
And this will be hilarious if one day in the future, elements like <hidden> ever become actual legal tags.
-
hopefully they'll be blacklisted for discourse.... otherwise a lot of my posts will cause the rest of the thread to disappear....
-
This is Discourse, what do you think?
Given their reticence to actually blacklist in the first place...
-
Yay! A new attack vector! :)
-
> Given their reticence to actually blacklist in the first place...
well, they do blacklist some things, otherwise class="fa-spin" would still be a thing.
-
> And this will be hilarious if one day in the future, elements like <hidden> ever become actual legal tags.
I think it's more likely that discourse will whitelist tags and start escaping the brackets around non-whitelisted stuff for display, followed by a full rebake.
-
> I think it's more likely that discourse will whitelist tags and start escaping the brackets around non-whitelisted stuff for display, followed by a full rebake.
You mean the thing that every other system has been doing for years but the Discodevs haven't realised it yet - but will eventually?
If only they'd actually looked at what other systems do, they might have had fewer vulnerabilities up front and probably more reliable HTbbcodeMarkdownML.
-
> You mean the thing that every other system has been doing for years but the Discodevs haven't realised it yet - but will eventually?
Yeah, I'm still baffled by this decision.
-
I'm actually not baffled by it at all.
There's two components to it: firstly, stubborn and wilful ignorance of other forum systems because 'they're all doing it wrong', so no desire to ever learn any lesson from them (because half of them did it wrong to start with because they simply didn't know any better... Discodevs have no excuse not to learn from others by now, though, except arrogance)
Secondly, this weird idea of mixing HTML, bbcode and Markdown... > is a legitimate character in Markdown in a way it wouldn't be in HTML, when you use it for blockquoting, so all the usual parsing goes out the window. (And we 'never' use regexp for this, right? No sniggering at the back)
The whole HTbbcodeMarkdownML thing is a serious cause for edge cases and vulnerabilities, so much so I suspect it'll be years before it's properly rugged enough. But you combine this 'we know best for our users' mentality with never learning from the lessons and pain that everyone else already went through and you have a seriously painful time ahead of you.
-
-
It's certainly part of the problem.
-
> I suspect it'll be years before it's properly rugged enough.
They could do it quite a bit faster if they stopped trying to use just regexps. If instead they built a model of what the content said and then just rendered that, the vulnerabilities and inconsistencies would be gone: any unexpected characters would just end up as either stuff that gets unceremoniously dropped or as literal characters in the model (to be automatically quoted correctly during the render). The inconsistencies would (eventually) be a thing of the past since the various different styles of BBdownML would convert into the same model and so get the same render.
It's not rocket science. It's computer science!
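The model-then-render approach described in the last post, sketched as an added example (not part of the thread and not Discourse's code): three spellings of bold and italic parse into one node tree, unknown tags such as <hidden> stay literal text, and the renderer escapes all text. The function names and the two-tag whitelist are assumptions.

```javascript
// Added example: parse mixed HTML / BBCode / Markdown emphasis into one node
// model, then render the model. ALLOWED and all function names are assumptions.
const ALLOWED = new Set(["b", "i"]); // whitelist of inline tags
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ESC[c]);

// Tokenise: recognise the three syntaxes for the same whitelisted tags.
// Anything else, including unknown tags such as <hidden>, stays literal text.
function tokenize(src) {
  const re = /<(\/?)([a-z]+)>|\[(\/?)([a-z]+)\]|(\*\*)/gi;
  const tokens = [];
  let last = 0, m;
  while ((m = re.exec(src)) !== null) {
    const name = (m[2] || m[4] || "").toLowerCase();
    const isBold = m[5] !== undefined;
    if (!isBold && !ALLOWED.has(name)) continue; // not whitelisted: keep as text
    if (m.index > last) tokens.push({ type: "text", value: src.slice(last, m.index) });
    if (isBold) tokens.push({ type: "toggle", name: "b" });
    else tokens.push({ type: (m[1] || m[3]) ? "close" : "open", name });
    last = re.lastIndex;
  }
  if (last < src.length) tokens.push({ type: "text", value: src.slice(last) });
  return tokens;
}

// Build the model: a tree whose leaves are raw strings, never markup.
function parse(src) {
  const root = { name: null, children: [] };
  const stack = [root];
  for (const t of tokenize(src)) {
    const top = stack[stack.length - 1];
    if (t.type === "text") top.children.push(t.value);
    else if (t.type === "close" || (t.type === "toggle" && top.name === t.name)) {
      if (top.name === t.name) stack.pop(); // stray close tags are dropped
    } else {
      const node = { name: t.name, children: [] };
      top.children.push(node);
      stack.push(node);
    }
  }
  return root; // nodes left open are closed by the renderer
}

// Render: only whitelisted node names become tags; every string is escaped.
function render(node) {
  const inner = node.children.map((c) => (typeof c === "string" ? escapeHtml(c) : render(c))).join("");
  return node.name ? `<${node.name}>${inner}</${node.name}>` : inner;
}
```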