Also, at least for me, click-to-enlarge images and slide galleries weren’t essential to enjoying your post.
Good to hear! :)
(However, it really is a lot of different custom stuff.)
Isn’t allowing <object> an invitation for XSS?
Yes, that’s true, but I am not suggesting allowing <object> tags with arbitrary parameters—only specific ones (i.e., ones where the data attribute is the URL of a trusted site). Then again, I am no security expert!
With something like this, what seems like a good way to implement it is to have a “moderation queue” of some sort (akin to some blogs having a “comments must be approved to be posted” system). So a user who wants to use certain features (such as the aforesaid <object>-based embedding) would post their post, and then it would sit in the mod queue until a moderator looked at it and verified that it wasn’t malicious, that the user in question was someone they trusted not to be malicious, etc.
Anyway, I don’t insist that this solution is the best, or even good; if it can’t be made to work for security reasons, well, that’s that. If it could be made to work, though, then it (or something similar) would be very convenient!
If mods allow that, they make all of LW hackable by you, by anyone who can guess your password, and by anyone who can hack your site at any point in the future. I think that’s way too much trust.
Isn’t allowing <object> an invitation for XSS?
Also, at least for me, click-to-enlarge images and slide galleries weren’t essential to enjoying your post.
Good to hear! :)
(However, it really is a lot of different custom stuff.)
Yes, that’s true, but I am not suggesting allowing
<object>
tags with arbitrary parameters—only specific ones (i.e., ones where thedata
attribute is the URL of a trusted site). Then again, I am no security expert!With something like this, what seems like a good way to implement it is to have a “moderation queue” of some sort (akin to some blogs having a “comments must be approved to be posted” system). So a user who wants to use certain features (such as the aforesaid
<object>
-based embedding) would post their post, and then it would sit in the mod queue until a moderator looked at it and verified that it wasn’t malicious, that the user in question was someone they trusted not to be malicious, etc.Anyway, I don’t insist that this solution is the best, or even good; if it can’t be made to work for security reasons, well, that’s that. If it could be made to work, though, then it (or something similar) would be very convenient!
If mods allow that, they make all of LW hackable by you, by anyone who can guess your password, and by anyone who can hack your site at any point in the future. I think that’s way too much trust.
Yeah, fair point. Ok, back to the drawing board, I suppose!