Another Self Deprecating Title

I dropped Daypop from my news aggregator today. I’ve decided that the masses really are stupid, and I’m not that concerned about what they’re reading. #

MovableType: Sanitize: Cleaning Up Incoming Data.

When data is submitted by visitors to your site, that data should not necessarily be trusted. If you are allowing HTML in your comments, for example, visitors to your site could submit malicious HTML, or scripts in Javascript or PHP, to run code on your site. This code could do anything from reading cookies to reading private files on your server. To protect your site, Movable Type cleans up (“sanitizes”) any data submitted by visitors to your site. This includes any comment data and any TrackBack data. This cleanup is done to remove any code (HTML or otherwise) that could compromise the security of your site. The sanitization process works by only allowing certain HTML tags—any other tags, and all processing and scripting instructions (PHP, JSP, Javascript), are stripped…One other feature of the sanitization process is that it will add closing tags for any tags left open in the sanitized text. For example, if a visitor to your site opens a <b> tag and forgets to close it, the sanitize process will add a </b> tag.

The emphasis is mine on the last part there. After Jai and I had discussed the embarrassment of bad comment markup a bit ago, I went looking for a way to solve the problem. I knew that it would probably involve MovableType macros at some level, I just hadn’t realized they integrated the Sanitize feature-set into version 2.63. So, this afternoon I upgraded. It wasn’t hard at all, but I would advise making a full backup of your MT install and data before getting started. At any rate, the comments are a bit more restrictive in the markup they allow (no more img tags—sorry, Jai), but protect against evil markup tricks like this. #
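To make concrete what the Sanitize description above is doing, here is an added example of an allow-list HTML sanitizer written for this page in Python. It is not Movable Type's code and does not reproduce its sanitize spec; the tag list, the attribute list, the URL-scheme check and the treatment of script/style content are assumptions chosen for illustration (the tag set is loosely modelled on the spec a commenter quotes below, minus img). It does the three things the quoted passage describes: keeps only listed tags, strips processing and scripting instructions, and closes whatever the visitor left open.

```python
# Added example for this page: a small allow-list HTML sanitizer in the spirit
# of the Movable Type "Sanitize" description quoted above. It is NOT Movable
# Type's code; the tag list, attribute list and URL-scheme check are
# assumptions chosen for illustration.
from html import escape
from html.parser import HTMLParser

# Allowed tags mapped to the attributes each may carry. Anything not listed
# is dropped (the tag, not its text). img is deliberately absent, matching
# the "no more img tags" behaviour the post describes.
ALLOWED = {
    "a": {"href"},
    "b": set(), "i": set(), "u": set(), "p": set(),
    "blockquote": set(),
    "span": {"class"}, "div": {"class"},
    "br": set(),
}
VOID = {"br"}                       # emitted without a closing tag
URL_ATTRS = {"href"}                # attributes holding a URL: scheme-checked
SAFE_SCHEMES = {"http", "https", "mailto"}
CODE_CONTENT = {"script", "style"}  # content is code: drop tag AND content


def safe_url(value: str) -> bool:
    """Allow relative URLs and a few explicit schemes; reject javascript: etc."""
    # Browsers ignore ASCII control characters and spaces inside a URL, so
    # strip them first or "java\tscript:" slips past a naive prefix check.
    v = "".join(ch for ch in value if ord(ch) > 0x20).lower()
    scheme, sep, _ = v.partition(":")
    if not sep or any(c in scheme for c in "/?#"):
        return True                 # no scheme at all: a relative URL
    return scheme in SAFE_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__()          # convert_charrefs=True: entities decoded
        self.out = []               # re-serialised, re-escaped output
        self.stack = []             # allowed tags still open, innermost last
        self.skip = False           # inside <script>/<style>: drop content

    def handle_starttag(self, tag, attrs):
        if tag in CODE_CONTENT:
            self.skip = True
            return
        if self.skip or tag not in ALLOWED:
            return                  # unknown tag: strip it, keep its text
        parts = [f"<{tag}"]
        for name, value in attrs:
            if name not in ALLOWED[tag]:
                continue            # onclick=, style=, onerror= never get out
            value = value or ""
            if name in URL_ATTRS and not safe_url(value):
                continue            # javascript: and friends are dropped
            parts.append(f' {name}="{escape(value, quote=True)}"')
        parts.append(">")
        self.out.append("".join(parts))
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in CODE_CONTENT:
            self.skip = False
            return
        if tag not in self.stack:
            return                  # stray or disallowed closing tag: drop it
        while True:                 # close anything nested inside it first
            inner = self.stack.pop()
            self.out.append(f"</{inner}>")
            if inner == tag:
                break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # re-escape text

    # Processing instructions (<?php ... ?>), comments and declarations are
    # never passed through.
    def handle_pi(self, data): pass
    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass
    def unknown_decl(self, data): pass

    def result(self) -> str:
        self.close()
        while self.stack:           # add the closing tags the visitor forgot
            self.out.append(f"</{self.stack.pop()}>")
        return "".join(self.out)


def sanitize(fragment: str) -> str:
    """Return fragment with only allowed tags/attributes, properly closed."""
    p = _Sanitizer()
    p.feed(fragment)
    return p.result()


if __name__ == "__main__":
    # Constructed sample comment, the kind of thing the post worries about.
    sample = ('<b>unclosed <script>alert(document.cookie)</script>'
              '<a href="javascript:alert(1)" onclick="x()">link</a>'
              '<?php system("id"); ?> and 1 &lt; 2')
    print(sanitize(sample))
```

Two points worth noting about the design. It is an allow list, not a block list: every tag, attribute and URL scheme must be named to survive, so a new scripting vector does not have to be anticipated. And it never copies input bytes through; text and attribute values are decoded by the parser and re-escaped on output, so an entity-encoded `&lt;script&gt;` in a comment stays harmless text rather than becoming markup later.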

From the dumbest-inventions-ever department: do you remember those velcro monitor-mount copyholders that were all the rage in the mid-nineties? Did you ever apply one of those velcro strips to your monitor wondering how in the world you were ever going to remove it if need be? Well, today I got a free monitor from my friend Jode and was faced with such a quandary. I found such a great solution, though, that I’d like to share it:

How to remove crufty velcro-strips from otherwise decent old monitors

# Peel away a corner of the strip just enough to get a pair of pliers on the thing
# Use the pliers to peel the rest of the strip off
# Spray some WD-40 on the glue—the lubricant will act as a solvent to loosen the bonds of the glue
# Use a somewhat abrasive pad to scrub the glue away (this may take some time, repeated applications)
# Once the glue is off, use Windex or some other spray cleaner to remove the lubricant

That’s it! I think my father-in-law would be proud. :) #

Google is dancing. At the time of this writing, the new PageRank indexes are installed in two Google datacenters. I tried the “ken walker” and “sarah walker” searches at those data centers and was shocked to find Our Story had slipped from #8 to #21 and #3 to #11, respectively. Suck. #

I’m also starting to learn a bit about MT Macros (finally). I knew that you could use them to do cool stuff in MovableType. It’s just, well, there’s already so much cool stuff that MT will do that I never felt the need to go venturing out looking for more stuff to, well, not know. At any rate, I’m starting to experiment with automatic abbreviations, courtesy of—you guessed it—Mark Pilgrim. You know, I’d probably stop trying to imitate the guy if he didn’t do so much interesting stuff and then give away all his source code. :) #

Anyone know how to set up a bookmark in Mozilla (Firebird) such that I can type “d obfuscate” and have Mozilla query Dictionary.com for the definition of obfuscate? I’ve had the hardest time trying to find a general “help” manual online. Update: Asa provided some links to a number of references for this question. Thanks! #

As part of a clever sales initiative at work, management has been bringing in free lunches to encourage people to stay and work rather than go out. Though I don’t have anything to do with sales, I think it’s a great idea. And, as a coworker noted, free lunch always tastes better. #

6 thoughts on “Another Self Deprecating Title”

  1. why are we up at this hour?… Fighting a frickin’ virus… I’ll log on that tomorrow… me need sleepy…

    Hey, no img tags are default in the sanitize spec, but on my blog, I allowed them in by making my own. Check out the “sanitize spec” section of your configuration preferences. You can add ’em back in if you want, or not; it’s your blog :)

    here’s what I have in my sanitize spec:

    span class, div class, a href, b, i, p, u, blockquote, img/, * src style align

    that allows spans with classes, divs with classes (these are mainly for me, who knows my own stylesheet), a href (obviously), bold, italic, paragraphs, underlines, blockquotes (tabs, but you knew that) and images with src/style/and align attributes

    um… yeah going to bed… dang virus…

  2. Ken,

    In Firebird, to do the d thing, do this:

    go to dictionary.com and search for a word.
    Create a bookmark of the results page.
    Under the “Bookmarks” menu select “Manage Bookmarks”
    right click the dictionary.com bookmark, and select properties.
    set the keyword to “d”
    edit the saved url and replace whatever word you searched for with “%s”
    click ok to save it, and close the bookmark manager.
    Now you can type “d word” in your address bar to search dictionary.com for word.

    Enjoy. :)

  3. Ryan that’s sweet… you could put up a “definition look-up on dictionary.com” function to a site so easily with that! Now… I guess the question is why would you want to… I don’t have an answer to that… but I want to try it anyway cause it’s cool… thanks for dropping the tip :)

  4. Jai,

    Suppose so, but a lot of that is Phoenix functionality. Phoenix replaces the %s with whatever is after the keyword and space. I haven’t tried using multiple %s’s so you could say d word source or something and have it search for word from source. That would be hip.

    To do it on a site, just create a form that takes whatever is in the text box and appends it to the url where the %s would be… you may need to run a filter on it to convert spaces to %20 as well… or whatever symbol dictionary.com uses.

    If you really want to use it, set the same thing up for google and a bunch of other reference sources…

    “g ” and you get results. or “go ” for Google’s “feeling lucky” search – that could be neat. :)

    I like the feature so much, I may start using firebird now. Typically I stick with IE, or mozilla on linux.

  5. Ryan, if you want to check out a pretty cool browser, check out MYIE2, it’s like a glorified, tabbed browsing, feature rich version of IE… eck, I think it even uses the IE kernel…