Coding Horrors
-
Still, there's only a subset of allowed values: named colours and probably hex codes. It's still not rocket science.
The problem was that the name of the colour was used in the inline style without sanitisation to ensure that the name was only used as a colour name. Who are we to say that a colour cannot have a semicolon in its name? We just need to apply the correct quoting technique.
It was a really useful way to inject your own CSS. ;)
-
Who are we to say that a colour cannot have a semicolon in its name?
Aren't we talking CSS colours, which got taken from X11 spec originally? In which case - CSS says so, because semicolon is used to separate statements and as such cannot be used in values.
It was a really useful way to inject your own CSS.
Not saying that it wasn't, just saying that it was a bad parser.
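
The sanitisation the two posts above are discussing, as an added example that is not part of the thread or the forum's own code: the colour value is checked against a strict grammar before it reaches the inline style. The function names, the constructed sample inputs, and the letters-only rule standing in for the full CSS named-colour list are assumptions.

```javascript
// Added example. Only hex codes and letters-only names pass, so the value
// can never contain ; : " ( ) or whitespace and cannot end the declaration.
const HEX_COLOUR = /^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i;
const NAMED_COLOUR = /^[a-z]{3,32}$/i; // assumption: stands in for the named-colour list

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns the normalised colour, or null if the value is outside the grammar.
function parseColour(value) {
  const v = String(value).trim();
  if (HEX_COLOUR.test(v) || NAMED_COLOUR.test(v)) return v.toLowerCase();
  return null;
}

// The pattern described in the thread: the value goes into the style as-is.
function renderColourUnsafe(colour, text) {
  return `<span style="color: ${colour}">${escapeHtml(text)}</span>`;
}

// Hardened form: validate first; on failure drop the styling and keep the text.
function renderColourSafe(colour, text) {
  const safe = parseColour(colour);
  if (safe === null) return escapeHtml(text);
  return `<span style="color: ${safe}">${escapeHtml(text)}</span>`;
}

// Constructed sample inputs: three valid values, then three that must be rejected.
const SAMPLES = ["red", "#FF8800", "#abc", "red; font-size: 50px", 'red" title="x', "#12345"];

function demo() {
  return SAMPLES.map((c) => ({ input: c, accepted: parseColour(c) !== null }));
}

console.log(demo());
```

An unknown but well-formed name such as `notacolour` still passes the grammar; the browser simply ignores the invalid declaration, so nothing beyond the `color` property can be set.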
-
That cannot be markdown, then. By design, it handles only simple formatting.
Why should a forum have more than simple formatting? That would just be abused.
-
#Why would anyone
want to do thᵃt¿
-
Why would you do that to us.
-
we have no damn clue what we are measuring until we get a lot more data
"We wrote the code, now we need to know what it does".