April 03
On 4/2/21 10:59 PM, Walter Bright wrote:
> On 4/1/2021 12:42 PM, Walter Bright wrote:
>> I'm concerned about running arbitrary scripts - what if bad people post malicious scripts that unsuspecting forum readers may run by reading the message? Could the Dfeed server be compromised by them?
> 
> This just showed up on HackerNews:
> 
> https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html 
> 

Walter, the DDOC stuff, and especially the $(SCRIPT) part was a well done April fools joke ;)

To recap:

1. Markdown is implemented, not DDOC
2. There is no arbitrary scripting available.

-Steve
April 03

On Saturday, 3 April 2021 at 12:18:56 UTC, Steven Schveighoffer wrote:

>

Walter, the DDOC stuff, and especially the $(SCRIPT) part was a well done April fools joke ;)

It's such a good one, best one this year for me.

It works so well because it starts and ends truthfully: he actually implemented a long requested feature, and then only joked about the syntax. So you're kind of like "the implementation is a bit iffy, but it can be improved later".

Then when you go back to the post with hindsight, you wonder how you possibly fell for it.

>

There already exists an elegant and well-established markup language that members of our community are well familiar with, which is what has been implemented today. I am, of course, talking about DDoc!

>

Tables are even easier:
example with 4 different macros

April 03

On Thursday, 1 April 2021 at 07:27:38 UTC, Vladimir Panteleev wrote:

>

(This post best viewed on forum.dlang.org!)

[...]

Why not make the Markdown checkbox active by default? Easier to read variable width font.

April 04

On Saturday, 3 April 2021 at 12:18:56 UTC, Steven Schveighoffer wrote:

>

Walter, the DDOC stuff, and especially the $(SCRIPT) part was a well done April fools joke ;)

To recap:

  1. Markdown is implemented, not DDOC
  2. There is no arbitrary scripting available.

-Steve

To be honest, I thought the whole thing was a joke. Didn’t think this would be something people would like due to them using the newsgroup thing... 😅

April 04

On Thursday, 1 April 2021 at 07:27:38 UTC, Vladimir Panteleev wrote:

>

(This post best viewed on

import std.stdio: writeln;
void nice()
{
    writeln("It works!");
}

Cool!

April 04

On Sunday, 4 April 2021 at 10:57:38 UTC, aberba wrote:

>

On Thursday, 1 April 2021 at 07:27:38 UTC, Vladimir Panteleev wrote:

>

(This post best viewed on

import std.stdio: writeln;
void nice()
{
    writeln("It works!");
}

Cool!

Coming up:
Integrated "Run this" button for each block 😍

April 04

On Sunday, 4 April 2021 at 11:08:44 UTC, Imperatorn wrote:

>

Integrated "Run this" button for each block 😍

Yes, please!

April 06
On Friday, 2 April 2021 at 10:23:29 UTC, Vladimir Panteleev wrote:
> On Friday, 2 April 2021 at 10:12:25 UTC, ag0aep6g wrote:
[...]
>> Does the forum even support any HTML tags? If not, there's no point in stripping them. But maybe that's a limitation of the Markdown library you're using.
>
> The implementation does provide a knob with two settings (strip all HTML or allow all HTML). I don't know if it's due to a technical limitation of that particular implementation. I suspect that the reason may be something along the lines of that for the purposes of the formal specification, there should be a simple and clear rule for when sequences of characters are interpreted as HTML vs. when they are not, or something like that.

In my opinion, the proper solution would be to escape HTML before passing the string to the Markdown processor.

So when I enter this:

    <b>bold?</b> **bold!**

First turn it into this:

    &lt;b&gt;bold?&lt;/b&gt; **bold!**

Then pass that to the Markdown processor which turns it into this for the browser:

    &lt;b&gt;bold?&lt;/b&gt; <b>bold!</b>

And newsgroup users get the original input, no "\<" or "&lt;".

The Markdown processor won't strip any tags, because it won't see any to begin with.
April 07
On Tuesday, 6 April 2021 at 22:01:42 UTC, ag0aep6g wrote:
> In my opinion, the proper solution would be to escape HTML before passing the string to the Markdown processor.

Escaping all HTML special characters, regardless of context, would break:

- using said characters within code blocks (inline and otherwise), where the Markdown processor treats them verbatim;

- using them in Markdown syntax constructs, such as block quotes (though arguably we only need to escape `<`) and <URL>s (which arguably isn't very useful as we have GitHub auto-links turned on).

So, this transformation would need to be as part of the Markdown parsing process (or otherwise replicate a subset of it, to know when to escape and when not to, which is bound to be fragile).

GitHub's implementation does add a few settings regarding HTML, but they seem to be mainly about allowing certain HTML tags (which we don't want to do, as HTML makes messages less readable in plain text).

FWIW, github.com also strips HTML tags that it does not recognize, and doesn't even warn you.
April 07
On 07.04.21 08:16, Vladimir Panteleev wrote:
> Escaping all HTML special characters, regardless of context, would break:
> 
> - using said characters within code blocks (inline and otherwise), where the Markdown processor treats them verbatim;
> 
> - using them in Markdown syntax constructs, such as block quotes (though arguably we only need to escape `<`) and <URL>s (which arguably isn't very useful as we have GitHub auto-links turned on).
> 
> So, this transformation would need to be as part of the Markdown parsing process (or otherwise replicate a subset of it, to know when to escape and when not to, which is bound to be fragile).

Ah, dang it. Never mind then. Thanks for indulging me.
1 2 3 4 5 6 7