LJ have just tweaked their HTML/CSS cleaner, according to the support page. In the process, they drove cart and horses through my carefully hand-crafted S1 style here. It may take some time to sort it out. If anyone can point me at a list of what exactly this new beastie is twitchy about, it could make my life a lot easier; otherwise I'm going to have to reverse-engineer things to work out what is and isn't allowed.
While they have some legitimate concerns* I think they're currently stripping stuff that's pretty harmless. For example, how the hell can
<style type="text/css"> be malicious?
Well, at least it proves that my "graceful degradation" works as intended...
*there are some downright terrifying browser-specific features out there, from the perspective of defending against cross-site scripting attacks.
[edit: there was a post on the subject on lj_maintenance shortly after I wrote this. I think I'll wait a day or two for things to settle down before I attempt to clean up. I mean, it's not like many people read this journal in the native style, rather than via their own LJ-friends view or some other aggregator]
no subject
Date: 2006-02-22 13:29 (UTC)
Anyway. Forgot to reply to this for ages but just wanted to say thanks for the acknowledgement - we had so many people spitting blood over it that it's really nice for someone to just say "oh bother, how awkward but I can see why you're doing it". Yay for reasonable people :)
no subject
Date: 2006-02-22 19:38 (UTC)
Like I said, I've done tech support, so I have some idea what it's like to be the poor soul jumping into the breach to handle front-line support after someone shafted the world - you can do without users yelling at you (though I'm sure you had a plentiful supply).
I'm also moderately in touch with browser development/security, and develop web applications professionally, so I'm aware of the need, sometimes, to just plug the hole FAST and deal with the fallout later...
While I'm not up to speed on the precise ins and outs, I know enough of the background to be sure that the LJ developers weren't jumping at shadows - if remote stylesheets can attach javascript, all hell breaks loose when users have the level of control they do here.