• This is a bad idea. Do not do this.

    The value of the Markdown field is untrusted.

    The Markdown can easily contain XSS. Whilst you could never put this on a site as we'd process it out... having one user access the raw Markdown of another does create the risk that the user who is using your tool will now be susceptible to any XSS attack put into the Markdown.

    The raw Markdown is only ever supposed to be accessed by the person who made it. You may have just forced me to change the API such that you cannot get the raw Markdown if you are not authenticated as the person who wrote it.

  • The Markdown can easily contain XSS

    Yes, that's why my tool escaped all the <, and why HTML posts won't work in it.

    The raw Markdown is only ever supposed to be accessed by the person who made it. You may have just forced me to change the API ...

    Not my intention, tool deleted.
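The escaping the reply mentions is the defensive core of this thread: any tool that shows one user another user's raw Markdown is handling untrusted text and must not let it reach the DOM as HTML. The following is an added example, not code from either poster's tool or from the site's API. It assumes the raw Markdown arrives as a plain string (`SAMPLE_MARKDOWN` below is constructed for the example), escapes every HTML-significant character rather than only `<`, so the result is also safe if it ends up inside an attribute, and provides a check a tool can use to refuse posts that contain HTML tags at all.

```javascript
// Added example (not from the thread). Treat another user's raw Markdown as
// untrusted text: escape it before it is ever assigned to innerHTML.

// Escaping only "<" stops tag injection in text content, but a value placed in
// an attribute can still break out via quotes, so all five characters are escaped.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True when the Markdown contains something that looks like an HTML tag
// ("<" directly followed by a tag name or "/"). A bare "a < b" does not match.
function hasHtmlTag(markdown) {
  return /<\/?[a-zA-Z][^>]*>/.test(String(markdown));
}

// Build a safe preview: the untrusted body is escaped, then wrapped in a
// fixed, trusted <pre> element so it displays as literal Markdown source.
function safePreviewHtml(markdown) {
  return '<pre class="md-preview">' + escapeHtml(markdown) + "</pre>";
}

// Constructed sample: Markdown that smuggles a script tag and an inline handler.
const SAMPLE_MARKDOWN =
  "# Hello\n\nSome *emphasis*\n\n<script>alert(1)</script>\n" +
  '<img src="x" onerror="alert(2)">';

// Only run the demo when executed directly (e.g. `node example.js`).
if (typeof require !== "undefined" && require.main === module) {
  console.log("contains HTML tags:", hasHtmlTag(SAMPLE_MARKDOWN)); // true
  console.log(safePreviewHtml(SAMPLE_MARKDOWN));
}
```

In a browser the preview is inserted with `element.innerHTML = safePreviewHtml(md)`; since the only tags in that string are the fixed `<pre>` wrapper, the user's content cannot introduce elements or event handlers. An even simpler route, when no wrapper markup is needed, is `element.textContent = md`, which performs no parsing at all. `hasHtmlTag` is the check a tool would use to reject HTML-containing posts outright, which matches the reply's statement that HTML posts do not work in it.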

@Velocio started