Camelia, the Perl 6 bug

IRC log for #metacpan, 2013-07-19

| Channels | #metacpan index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:09 * rwstauner doesn't get it
00:31 rwstauner oh i see... it's a public accountability todo list
00:31 rwstauner it's a playperl wrapper?
00:31 * rwstauner shrugs
01:38 shmuel joined #metacpan
02:44 dsteinbrunner joined #metacpan
02:59 dsteinbrunner joined #metacpan
03:23 ether_ joined #metacpan
04:06 metacpan joined #metacpan
04:06 metacpan [metacpan-web01] monken created mo/win32 (+1 new commit): http://git.io/MBW0fQ
04:06 metacpan metacpan-web/mo/win32 09a2d82 Moritz Onken: experimental fallback to HTTP::Tiny
04:06 metacpan left #metacpan
04:06 dipsy [ experimental fallback to HTTP::Tiny · 09a2d82 · CPAN-API/metacpan-web · GitHub ]
04:12 metacpan joined #metacpan
04:12 metacpan [metacpan-web01] monken pushed 1 new commit to master: http://git.io/c47lPw
04:12 metacpan metacpan-web/master 733f309 Moritz Onken: reduce data transferred for /recent
04:12 metacpan left #metacpan
04:12 dipsy [ reduce data transferred for /recent · 733f309 · CPAN-API/metacpan-web · GitHub ]
05:08 omega rwstauner: they changed playperl into questhub, to make it more general
05:59 jwang joined #metacpan
06:06 bouncy joined #metacpan
06:28 Mike-PerlRecruiter_ joined #metacpan
09:35 daxim joined #metacpan
10:11 dsteinbrunner joined #metacpan
10:31 metacpan joined #metacpan
10:31 metacpan [metacpan-web01] monken pushed 4 new commits to mo/bootstrap: http://git.io/-bVJ7Q
10:31 metacpan metacpan-web/mo/bootstrap ef850b4 Moritz Onken: fix tables: sort, ellipsis, mobile
10:31 metacpan metacpan-web/mo/bootstrap 2a5a84d Moritz Onken: fix fixed sidebar where content is shorter than sidebar
10:31 metacpan metacpan-web/mo/bootstrap cf41392 Moritz Onken: author-pic reworked for mobile
10:31 metacpan left #metacpan
10:31 dipsy [ Comparing c6d954e5df36...892c4584b0bb · CPAN-API/metacpan-web · GitHub ]
12:45 bowtie_ joined #metacpan
13:35 rwstauner omega: ok, thanks
17:39 bowtie joined #metacpan
17:48 bowtie_ joined #metacpan
18:30 Mike-PerlRecruiter_ joined #metacpan
19:03 cooper joined #metacpan
21:32 daemon joined #metacpan
21:53 ether what do you guys use for your HTML rendering?  where can I see how the html is mangled?
21:53 ether I'm enclosing some CSS in a =begin html/=end html section, and the styles are getting mangled
21:53 ether or rather, lost
21:55 trs ether: it's probably scrubbing.
21:56 ether what can I do to prevent or work around that?
21:56 trs nothing... it's scrubbed for security.
21:56 ether I guess I can inline the style data into every element, rather than declaring it up front
21:56 trs not if style="" attributes are also scrubbed :)
21:57 trs one moment, findig you the rules
21:58 trs https://github.com/CPAN-API/metacpan-web/blob/mas​ter/lib/MetaCPAN/Web/Controller/Module.pm#L51-L87
21:58 dipsy [ metacpan-web/lib/MetaCPAN/Web/Controller/Module.pm at master · CPAN-API/metacpan-web · GitHub ]
21:59 trs I'm actually surprised style is allowed on any attributes at all; it can be a nasty phishing vector.
22:00 ether style="" aren't, at least not all of them - as the one I put on the surrounding <div> survived
22:00 trs nod, see the rules above :)
22:00 trs style is allowed on some tags, not others.
22:00 ether the page in question is https://metacpan.org/module/​Acme::CPANAuthors::Nonhuman - compare the html embedded in the pod vs. what actually shows up on the rendered page
22:00 dipsy [ Acme::CPANAuthors::Nonhuman - We are non-human CPAN authors - metacpan.org ]
22:01 * ether reads your link
22:02 ether ok, looks like I can switch my img tags to using style and they'll stay
22:02 ether img class="" was being lost
22:02 trs nod
22:02 ether that seems oddly inconsistent though
22:02 ether but my CSS fu is old
22:03 trs generally id/class/style should be denied entirely or scrubbed/rewritten to a restricted set of values.

| Channels | #metacpan index | Today | | Search | Google Search | Plain-Text | summary