Meta note: I wanted to cross-post the entirety of this post here, rather than just making it a link post. Unfortunately, it turned out that doing so would be a massive amount of work—I’d have to do a whole lot of manual conversion of the markup, etc.—and many features of the original post would be simply impossible to convert (the slide galleries, the click-to-enlarge-images feature, the footnotes and backreferences, the nicely-formatted table, etc.).
I would love to see LW2 (or, as I guess I should now say, simply ‘LW’) somehow solve this issue. (I have some ideas for how this might be approached, but none of them are simple, alas…) It seems to me that encouraging cross-posting is a desirable goal.
Near future we’ll have deployed the markdown post editor. (I think we also have some ways to html imports but they’re something we’re a bit cautious about)
As Oliver said, it’s a lot more than just markup… there’s custom CSS, and even Javascript.
Is it at all possible to allow embedding of entire pages, such as via <object> tags? (In my case, I would then create a special view (toggled via a URL parameter) onto the blog post page—something my blogging software lets me do easily—that would show the content only, without the sidebar, comment section, site header, etc.; and then embed that view into the LW post.)
Also, at least for me, click-to-enlarge images and slide galleries weren’t essential to enjoying your post.
Good to hear! :)
(However, it really is a lot of different custom stuff.)
Isn’t allowing <object> an invitation for XSS?
Yes, that’s true, but I am not suggesting allowing <object> tags with arbitrary parameters—only specific ones (i.e., ones where the data attribute is the URL of a trusted site). Then again, I am no security expert!
With something like this, what seems like a good way to implement it is to have a “moderation queue” of some sort (akin to some blogs having a “comments must be approved to be posted” system). So a user who wants to use certain features (such as the aforesaid <object>-based embedding) would post their post, and then it would sit in the mod queue until a moderator looked at it and verified that it wasn’t malicious, that the user in question was someone they trusted not to be malicious, etc.
Anyway, I don’t insist that this solution is the best, or even good; if it can’t be made to work for security reasons, well, that’s that. If it could be made to work, though, then it (or something similar) would be very convenient!
If mods allow that, they make all of LW hackable by you, by anyone who can guess your password, and by anyone who can hack your site at any point in the future. I think that’s way too much trust.
Ah, no. The post has a bunch of custom HTML elements, such as slide galleries and tables and some special image formatting, which is indeed quite a challenge to implement.
Meta note: I wanted to cross-post the entirety of this post here, rather than just making it a link post. Unfortunately, it turned out that doing so would be a massive amount of work—I’d have to do a whole lot of manual conversion of the markup, etc.—and many features of the original post would be simply impossible to convert (the slide galleries, the click-to-enlarge-images feature, the footnotes and backreferences, the nicely-formatted table, etc.).
I would love to see LW2 (or, as I guess I should now say, simply ‘LW’) somehow solve this issue. (I have some ideas for how this might be approached, but none of them are simple, alas…) It seems to me that encouraging cross-posting is a desirable goal.
Was it a markdown post or some other formatting?
Near future we’ll have deployed the markdown post editor. (I think we also have some ways to html imports but they’re something we’re a bit cautious about)
As Oliver said, it’s a lot more than just markup… there’s custom CSS, and even Javascript.
Is it at all possible to allow embedding of entire pages, such as via
<object>tags? (In my case, I would then create a special view (toggled via a URL parameter) onto the blog post page—something my blogging software lets me do easily—that would show the content only, without the sidebar, comment section, site header, etc.; and then embed that view into the LW post.)Isn’t allowing <object> an invitation for XSS?
Also, at least for me, click-to-enlarge images and slide galleries weren’t essential to enjoying your post.
Good to hear! :)
(However, it really is a lot of different custom stuff.)
Yes, that’s true, but I am not suggesting allowing
<object>tags with arbitrary parameters—only specific ones (i.e., ones where thedataattribute is the URL of a trusted site). Then again, I am no security expert!With something like this, what seems like a good way to implement it is to have a “moderation queue” of some sort (akin to some blogs having a “comments must be approved to be posted” system). So a user who wants to use certain features (such as the aforesaid
<object>-based embedding) would post their post, and then it would sit in the mod queue until a moderator looked at it and verified that it wasn’t malicious, that the user in question was someone they trusted not to be malicious, etc.Anyway, I don’t insist that this solution is the best, or even good; if it can’t be made to work for security reasons, well, that’s that. If it could be made to work, though, then it (or something similar) would be very convenient!
If mods allow that, they make all of LW hackable by you, by anyone who can guess your password, and by anyone who can hack your site at any point in the future. I think that’s way too much trust.
Yeah, fair point. Ok, back to the drawing board, I suppose!
Ah, no. The post has a bunch of custom HTML elements, such as slide galleries and tables and some special image formatting, which is indeed quite a challenge to implement.