Comments, Please

Friday, June 27th, 2008 | Blog, Programming, Web Design

I just put up the comments. This took a few hours of work to get right, and I suspect that there are still bugs. The formatting seems to be great, but I think that there might be problems with submission. I’ve tried to make it somewhat secure by stripping most of the nonsense you could put into one of the form strings to cause nasty things to happen. So (fingers crossed) it should be safe from SQL injection, XSS trickery, or html that messes up the page too much.

I’ve allowed some tags, and this introduces a problem: you can submit a comment that doesn’t have proper closing tags, such as

<del>I think I'm funny

and mess with subsequent comments and text. I’ve yet to think of a good way to fix this, but I’m sure I’ll come up with something soon. I’m open to suggestions; why don’t you go ahead and leave one in the comments? :P
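One defender-side way to handle the unclosed-tag problem: rather than trusting the commenter to balance tags, parse the comment, keep only an allowlist of tags, drop every attribute, escape all text, and close whatever is still open at the end. This is an added example, not the post's own code; the allowlist (`em`, `strong`, `del`, `code`) is an assumption, and it uses only Python's standard library.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist of harmless inline tags; attributes are never kept.
ALLOWED = {"em", "strong", "del", "code"}


class BalancingSanitizer(HTMLParser):
    """Keep allowlisted tags, escape everything else, and balance tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # output fragments
        self.stack = []  # currently open allowlisted tags

    def handle_starttag(self, tag, attrs):
        # Unknown tags (script, img, a, ...) and all attributes are dropped.
        if tag in ALLOWED:
            self.stack.append(tag)
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        # Close this tag and anything opened after it so nesting stays valid;
        # a closing tag with no matching open tag is ignored.
        if tag in self.stack:
            while self.stack:
                top = self.stack.pop()
                self.out.append(f"</{top}>")
                if top == tag:
                    break

    def handle_data(self, data):
        # Entities were decoded by the parser, so re-escape all text.
        self.out.append(escape(data, quote=True))

    def close(self):
        super().close()
        # Close any tag the commenter left open, e.g. "<del>I think I'm funny".
        while self.stack:
            self.out.append(f"</{self.stack.pop()}>")


def sanitize_comment(raw: str) -> str:
    """Return HTML that cannot leak open tags into the rest of the page."""
    p = BalancingSanitizer()
    p.feed(raw)
    p.close()
    return "".join(p.out)
```

Because the sanitizer re-escapes decoded text, an entity-encoded `&lt;script&gt;` cannot be smuggled through as a tag either.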

As I was working on the form validation, I came across a tidbit of knowledge I hadn’t been aware of. Apparently, the official specification for a valid email address is in RFC 2822 and can be implemented with this monster of a regular expression. Lovely.

Update: I’d love it if you’d like to try to break the comments, but please do it in the testing area of my site at http://ctrl-c.us/testing/. Also, please don’t try anything too malicious. If you notice something, leave a comment to let me know. Thanks.
