OY!

2006-02-08 09:02
blufive: (Default)
[personal profile] blufive
LJ have just tweaked their HTML/CSS cleaner, according to the support page. In the process, they drove cart and horses through my carefully hand-crafted S1 style here. It may take come time to sort it out. If anyone can point me at a list of what exactly this new beastie is twitchy about, it could make my life a lot easier; otherwise I'm going to have to reverse-engineer things to work out what is and isn't allowed.

While they have some legitimate concerns* I think they're currently stripping stuff that's pretty harmless. For example, how the hell can <style type="text/css"> be malicious?

Well, at least it proves that my "graceful degradation" works as intended...

*there are some downright terrifying browser-specific features out there, from the perspective of defending against cross-site scripting attacks.

[edit: there was a post on the subject on [livejournal.com profile] lj_maintenance shortly after a wrote this. I think I'll wait a day or two for things to settle down before I attempt to clean up. I mean, it's not like many people read this journal in the native style, rather than via their own LJ-friends view or some other aggregator]
Tags:
Threaded | Flat

Date: 2006-02-08 09:23 (UTC)
From: [identity profile] swisstone.livejournal.com
Oh dear, they have done it no favours, have they?

Date: 2006-02-08 09:43 (UTC)
From: [identity profile] yonmei.livejournal.com
They just told me they inadvertantly stripped some CSS they shouldn't have, and my journal should display correctly now (it does).

Date: 2006-02-08 09:51 (UTC)
ext_16733: (Default)
From: [identity profile] akicif.livejournal.com
Just for the hell of it I went back to my old S1 style, and it seems to work okay - I should fix my (moribund) blog as well, and then I'll have LJ, DJ and the blog looking the same.

Date: 2006-02-08 11:22 (UTC)
kingandy: (Default)
From: [personal profile] kingandy
My journal style got screwed over too, and that was one of their built-in ones (I've since switched over to a much more simple one that actually works a lot better, though I'd rather a non-serif font.)

FWIW, it doesn't seem to be objecting to <style type="text/css">, it just "cleans" what's inside them. Where you may be going wrong is using an @import (which is, apparently, suspect) instead of <link rel="stylesheet" href="[address]" type="text/css">...

Date: 2006-02-08 12:15 (UTC)
From: [identity profile] tinyjo.livejournal.com
<style> tags should be OK but @import rules are out, unfortunatly - I had the same thing. Convert to including your stylesheet via <link rel="stylesheet" etc> and you should find that you start getting somewhere (although I don't know what happens about offsite styles there - my stylesheet is generated on LJ as part of my S2 style).

I don't think there's a documented list of what's allowed/not currently but if you look in the source you should find that it tries to leave you useful comments as to what it's taking out (so, for example, yours currently has a /* suspect CSS: import rule */ in it)
Threaded | Flat

Profile

blufive: (Default)
blufive

Navigation

April 2024

S M T W T F S
 123456
78910111213
14151617181920
21222324252627
282930    

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated 2026-03-23 11:22
Powered by Dreamwidth Studios