[Greasemonkey] Userscripts.org spam comments
Lenny Domnitser
ldrhcp at gmail.com
Sun Aug 27 16:28:53 EDT 2006

On 8/27/06, Athena <afunabafuna at gmail.com> wrote:
> There's a "ju ju" spamming all scripts with some JavaScript that opens
> up five windows. Needless to say, it gets old really, really fast.

JavaScript is getting through? Comments really should be filtered to a
subset of HTML. I don't know Ruby, but I wouldn't be surprised if
Rails already has this functionality. If not, it's important enough to
implement ASAP, since injected JavaScript can do some real damage
(delete scripts, steal cookies, etc.).

Here's a good idea of what HTML is probably safe to accept:
http://www.feedparser.org/docs/html-sanitization.html
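
As an added example (not part of the original message, and not Userscripts.org's or Rails' own code), the following Ruby filter shows the allowlist approach suggested above: only known-safe tags are re-emitted, every attribute except an http(s) `href` on `a` is dropped, and everything else is escaped so it renders as text. The tag list and all names here are assumptions chosen for illustration; it does not balance unclosed tags.

```ruby
# Allowlist comment filter: output contains only markup this code generated.
ALLOWED_TAGS  = %w[a b blockquote br code em i li ol p pre strong ul].freeze # assumed subset
ALLOWED_ATTRS = { 'a' => %w[href] }.freeze   # the only attribute kept is a URL
SAFE_URL      = %r{\Ahttps?://}i              # rejects javascript:, data:, etc.
ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
            '"' => '&quot;', "'" => '&#39;' }.freeze

# A tag is accepted only in this strict shape: quoted attribute values only.
TAG  = /\A<(\/?)([A-Za-z][A-Za-z0-9]*)((?:\s+[A-Za-z-]+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*\/?>\z/
ATTR = /([A-Za-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/

def escape_html(text)
  text.gsub(/[&<>"']/, ESCAPES)
end

def filter_tag(token)
  m = TAG.match(token)
  return escape_html(token) unless m          # malformed tag: show it as text
  closing = m[1]
  name = m[2].downcase
  return escape_html(token) unless ALLOWED_TAGS.include?(name)
  return "</#{name}>" unless closing.empty?   # closing tags carry no attributes

  kept = m[3].scan(ATTR).map do |attr, dq, sq|
    value = dq || sq
    next unless ALLOWED_ATTRS.fetch(name, []).include?(attr.downcase)
    next unless value =~ SAFE_URL             # every kept attribute is a URL
    # Re-escape the value so it cannot break out of the quotes.
    %( #{attr.downcase}="#{escape_html(value)}")
  end
  "<#{name}#{kept.compact.join}>"
end

def sanitize_comment(html)
  # Tokens: a complete <...> tag, a run of text, or a stray "<".
  html.scan(/<[^<>]*>|[^<]+|</).map do |token|
    token.start_with?('<') ? filter_tag(token) : escape_html(token)
  end.join
end

# Constructed sample comment, modelled on the popup spam described above.
spam = '<b onclick="x()">hi</b><script>window.open("http://spam.example")</script>'
puts sanitize_comment(spam)
```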