Subtle changes, bugs and feedback

Posted on
Page
of 312
  • That's an acceptable trade-off for me.

    You've put unicode into your username, and that's fine. But messages are very aggressively sanitized, the input scrubbed. That's a security thing to deal with some of the OWASP Top 10 security risks. If I disable that piece of scrubbing, even in one small place, it would create a security risk.

    I won't do that... so instead, I'll accept that you don't get notifications and someone else does. Oh well.

  • What kind of madness is this?

  • I've just worked out that I got this completely wrong. What happened was, of course, that I highlighted the text I wanted to quote, and that's when the non-breaking space was removed. D'oh. Is that what you mean by 'scrubbing of messages' or does that use, simply, an operating system function which retrieves highlighted text?

    It should be such a vanishingly rare case, anyway, just thought it might affect others who use the nbsp, although I don't know if anyone else does. Arguably, it's not even necessary to be notified of repeated mentions that occur in quotes most of the time.

    Needless to say, I don't have the faintest understanding how security risks work, either. :) I'll try to read up on that, as I find it interesting.

  • Everything that anyone submits to the site... goes through this: https://github.com/microcosm-cc/bluemonday

    The output of that, is the basis for what we store in the database.

  • This was mentioned previously but I'm not sure if it was ever resolved.

    If you have a link where the link is the URL then hovering over the link will give you the mirco.sm link as the address it will take you to and the tooltip will be the actual URL (albeit cut off). Like this second pic:

    If someone has typed in a description of the URL then the link will show the micro.sm address, the screen will show the description and hovering over the URL does not give a tooltip. As such you can't see what URL you are being directed to.
    First pic shows an example (you can't see the mouse cursor but it's over the URL that's underlined)


    2 Attachments

    • pic no tip.jpg
    • Pic with tip.jpg
  • I have just made it so that:

    • You cannot SHOUT in unicode... that is, if you type in a Chinese script in title case then we will convert it to all lower case (or equivalent). Works for all languages, and applies to text of posts as well as titles and usernames.
    • You can no longer use any non-printing characters on the site. Only spaces, tabs and newlines are preserved, and even then only where it makes sense to. Specifically usernames are words, they can contain no space whatsoever, even unicode spaces are removed.
  • What about @Oliver Schick?

  • Anyone with any kind of space in their username at the moment will lose it the moment that they edit their profile for any reason (including changing avatar or profile text).

    Meaning they've been "grandfathered"... they keep it so long as they do not touch their profile.

  • I can't see the "follow" button on threads I'm not following anymore. If I'm already following a thread, then I can see the "notify me by email" checkbox, but not the (un)follow button.

    Chrome 47, OSX 10.9 - have had this affliction for at least a few days (don't recall precise dates, soz)


    2 Attachments

    • Screenshot 2015-12-19 16.44.00.png
    • Screenshot 2015-12-19 16.47.28.png
  • Sign-in is now asynchronous.

    What this means is that we don't load the Persona stuff on every page load, just when you sign-in or sign-out.

    What this means in real terms is:
    1) Every page is faster
    2) Except when you sign-in/sign-out, which will suffer a small delay before it happens (noticeable on a slow mobile network)
    3) Some versions of some browsers may detect that Persona is a pop-up window and will ask your permission, if your browser does this you may want to whitelist it

  • No idea why that would be... I'm seeing it in all of the browsers I have at hand.

    Does a force refresh not deal with it?

  • Oh, weird. Force refresh does nothing to help, but I've just switched machine and it shows up on Chrome 45, OSX 10.8, also Firefox etc.

    Quite the edge case ¯_(ツ)_/¯

  • I'm on 47 here, as well as FF 43, both on Linux but both showing the button.

    Maybe there's a clue in your console?

  • Looking at the console was the first thing I tried ;)

    No errors anywhere, no obvious reason why it wouldn't be showing up - I can see it exists in the HTML but can't see anything that's acting upon it to make it invisible.

    Might just be some plugin I have installed that's messing with it, somehow - adblock seems a likely culprit as the button has "subscribe-button" as its ID and that would seem to be the kind of thing it'd block.

  • Yeah, so I just whitelisted LFGSS and lo, the following button reappears. Soz for false alarm.

    I think I maybe accidentally murdered it in one of my many ongoing attempts to get those wretched "SUBSCRIBE TO THIS WEBSITE" modal popups permanently out of my face.

    Edit: turns out that I didn't accidentally murder it at all, and that actually "subscribe-button" is nixed by fanboy's "Annoyances" list. So there we have it.

  • Ah, interesting... I'll just change the name of it then :)

  • Timezones.

    Events are now timezone unaware, and at the same moment they are timezone aware.

    Basically we no longer attempt to do clever things, we don't try and look at the timezone you are in, or where the event is... now, whatever date and time you enter... that is when the event happens locally.

    But... search. Search does need to know about timezones, so if you create/edit an event do check that whatever the timezone is, is the correct one.

  • I cannot for the life of me sign into the forum on my iPhone?

    Safari:
    Click on 'Sign in or Register' and it goes nowhere - Press it with my fancy 3D touch to preview the linked page and it displays the one I'm on.

    Link

    Chrome:
    Click on 'Sign in or Register' and it goes to the sign in page. Sign in and everything it boots me back to the home page and i'm not signed in. Click 'Sign in or Register' again and it has my details all there. Click 'Sign In' and again boots me back to homepage without signing me in.

    Help?

  • Sounds like the iPhone is blocking the pop-up window.

    Is there a pop-up blocker built into the iPhone? Could you look through the settings and see if there is an exemption list that you can add http://www.lfgss.com to. If there is (there should be), make sure to add LFGSS the way you access it, i.e. http vs https

  • How would one go about linking to links ending in a bracket? Not uncommon on Wikipedia and it doesn't work. I tried escaping the first bracket with a backslash but then it did not parse the link at all.

    Oh wait, now it does. Nevermind.

    Test.

    [Test.](https://en.wikipedia.org/wiki/Vegas_(The_Crystal_Method_album))

  • Quite correct Sir.

    It appears its block all or nothing in the delightful world of iOS. I'd previously blocked another site by clicking block and it'd turned the block on for all. Can't see a 'whitelist' anywhere so looks like i'll have to deal with the 'Block or Allow' question every time.

    Thanks!

  • Nah, I've rolled back that change.

    I was hoping to remove the 10+ HTTP requests on every single page, by asynchronously loading the login code only when someone logs in, or logs out.

    But... iOS and Safari in general appears to consider this change to be popup advertising and is blocking it.

    So I've gone back to the old way of doing things to avoid the log-in dialogue being blocked.

  • Sub-forums are now visible (if you have permission) and clickable from the forum above.

    Meaning on the home page, you can now see and click-through to each of the classifieds sections.

  • In classifieds, it would be good to be able to sort the items for sale in order of which ads were posted most recently, instead of which ads were commented on most recently.

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Subtle changes, bugs and feedback

Posted by Avatar for Velocio @Velocio

Actions