August 14th, 2011


How annoying are duplicated posts

Do you, reader, think it's a good idea to cross-post to multiple social networks and let the reader deal with duplicates?

Or would it be better for the representation of one's social network to be incomplete on any particular site? (E.g. some people are only Facebook friends, or Twitter followers, or G+ circle members.) Then post deduplication is handled by only subscribing once on one's preferred service.

Or alternatively the poster could just pick one site and post there and make everyone check multiple sites to keep up with everyone they want to pay attention to.

How annoying is social network post duplication?

Really annoying: 2 (22.2%)
A little annoying: 2 (22.2%)
No opinion/Don't care: 1 (11.1%)
It's fine: 3 (33.3%)
It's great: 1 (11.1%)

Protecting against XSS

I wanted a module to strip out potential XSS injections.

I looked at the set of allowed HTML on the LJ post and came up with this idea.

Use BeautifulSoup to parse the submitted HTML and remove all tags that aren't in a safe HTML whitelist. Then, for img and a tags, process the URL and require that it start with one of an allowed set of protocols. The main downside is that <img src=/foo.png/> won't work. You have to list the http:

This seems like a good method for sanitizing user input while allowing some HTML -- but how can you really know you're protecting against all the possible ways to inject a hostile payload? There are some really funky techniques for tricking the browser at http://ha.ckers.org/xss.html
