nickvergessen wrote:Well adding a url field to the author on quotes is only half the feature we had before.
If the argument is 1 BBCode = 1 feature then it's only 16.67% of what you had before (b, i, u, color, url and email are all allowed in the quote's author field.) And it's even less when you consider that in the current system you can use multiple URLs and multiple colors and multiple underlines (etc...) in the quote's author.
Realistically, apart from the
url
BBCode I don't think those features will be missed by many people. Or by anybody really. For those who do miss them, it will be possible to work something out as an extension as soon as we create events to give them access to the library. And even without an extension, if someone
really wants rich quote authors they can create a custom BBCode that's used for the quote's author line.
I'm going to add the URL-enhanced
quote
BBCode tomorrow. It will automatically extract the first URL it finds in the quote's author. That means that the following will be functionally equivalent and they won't require a migration.
Code: Select all
[quote="[url=http://example.org]author[/url]"]...[/quote]
[quote="author" url="http://example.org"]...[/quote]
naderman wrote:Censoring domains or URLs is a very common practice so we need a solution, either a new feature to blacklist URLs or a modification of how the censors work.
I have spent time on this and I've come to the conclusion that there is no simple, clean way to have a censor that is:
- fully dynamic
- HTML-safe
- works on URLs
You can get two of them without too much work, but to get all three requires either a lot of work or it will be a hack.
You can get a censor that is fully dynamic on the post's text, HTML-safe and blocks URLs at parsing time. The URL blocking would not be retroactive.
Or you can just run
censor_text()
on the HTML. It's not HTML-safe but that's closer to what 3.1 does.
There are many possibilities but all of them involve a trade-off. To keep things in perspective, regardless of how thorough the link censor is, all it takes to bypass it is a URL shortener.
Edit: after some more brainstorming, I think I can use a modified version of the HTML-safe censor I use in the library to censor text nodes and the content of HTML attributes. That might be the closest thing to how 3.1 behaves. I'll look into it ~tomorrow.