fpgroups (was: Re: qualifier)

Fairlight fairlite at fairlite.com
Tue Jul 31 20:58:43 PDT 2007


On Tue, Jul 31, 2007 at 08:27:57PM -0700, after drawing runes in goat's blood,
fp at casabellagallery.com cast forth these immortal, mystical words:
> Mark posted
> > 
> > It has to be done sometimes, though...  *smile*
> 
> The time is now my man!

Now is the time...for Claritan!  Oh, wrong commercial.  :)

> > As a practical note, it's not generally wise to pop the password back onto
> > the screen when signing people up, mate.  Security no-no.  And it's
> > "immediately", not "inmidiately" on the code snippet return page.
> 
> The input fields are set as type="password". I have tested it with both
> FF and IE and I get ****** every time.  Which browser are you using?

You're missing my point.  Yeah, they're type="password" when you're
-submitting- them (ie., filling out the form).  But what's the point of
that when the return page lists both field numbers with the password and
verification password in plaintext for anyone nearby to read?  The -return-
page from signing up is the one with the problem, not the form itself.  And
that's browser-independent.

> Thanks!  Trying to keep it lightweight using CSS and some JS

Looks good so far!

> > in your display code.  Start spitting out > as &gt;, < as &lt;, " as &quot;
> > and the like.  If you don't filter special characters, not only are you
> > opening yourself to broken visibility issues, but XSS.
> 
> I know, I am having problems with my layers (DIVs) and keeping text under a 
> hard wrap to keep it from flowing beyond its intended boundaries.  I will
> get to it later ...

I don't see where they're related.  You still need to escape special chars
as entities, even if you fix the div overflow.  Speaking of which, for code
you don't want to auto-wrap, you want to scroll sideways to maintain
display integrity:

overflow: auto;

Voila.  Automagic scrollbars appear when needed, stay hidden when not.
The only caveat to that is that if you have div's that appear/disappear and
use auto mode, you -must- specify a static height in -some- unit of
measurement (I'm partial to pixels myself), or when the div becomes visible
it'll be undersized and the scrollbars will be totally -whacked-.  So if
you toggle visibility and use overflow: auto, make sure you set height for
the div so that auto works correctly--else it doesn't measure things until
the first time it's displayed, and then screws it up in both IE and
Firefox (and possibly others).  If you don't want an absolute height,
specify "overflow: scroll;" instead.  That's the other way to nail that
kitten to the tree.  If you're not making use of visibility toggling, just
toss on auto and you're set.

> registered members or all visitors.  This is why I have not completed
> those two fields - The code is there, behind the scene, but commented out.

Gotcha.

> I agree!  I will look into having this fixed ASAP ... Privacy is critical and
> I will do whatever possible to intruders from exploiting this.

Taking out -at least- the mailto: anchors around it will minimise it some,
but bots will still parse the body text...just not as often.  It'd be a
fast stopgap measure to take immediately until you decide on and implement
a permanent fix.

> None taken.  I know it is not complete nor really ready for the masses but I
> am so excited about this I can't wait.

I hope the excitement stays for ya.  I've been there.  Then all too often
it becomes just another job you wish you'd never started.  Or maybe it's
just me, but I doubt it.  :)

> Hey, I am honored to see you JOINT and I tell you, it is a different feeling
> when one can put a face to the person in the other side.

My pleasure.  Didn't get a whole lot of quality time with it, but I'll try
and sneak a look in the next few days.  A few things on my plate right now.

> the TO DO list.  Comments such as those you posted here belong in a SUGGESTION
> box.

When it exists, I'll use it.  :)

> Thank very much for taking the time!

Sure thing!

> PS:  Great smile!!!

Gee, thanks!  Bad photo, but the only recent one I had handy on the spur of
the moment...  See, I -do- smile.  I swear!  Really!  Honest!  Actually,
anyone who's caught me on the phone within an hour of getting up or after
20hrs awake knows I can get punchy as hell and quite silly. :)  I'm not
always a complete prick.  That takes dedicated concentration and effort,
after years of practise!

*grin*

Hasta...

mark->
-- 
The latest synth mixdown...
http://media.fairlite.com/Isolation_Voiceless_Cry_Mix.mp3
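
The two display points raised in this message (keep the password off the sign-up return page, and write special characters out as entities when showing submitted text), sketched as an added example. This is not code from the site under discussion or from anyone on the list; the field names, function names and sample submission are constructed for illustration.

```javascript
// Added example. Field names and the sample data below are constructed.

// Characters that change meaning inside HTML text or quoted attributes.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace each special character with its entity. '&' is handled in the same
// single pass, so entities that were just produced are never escaped again.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical names for the password and verification fields.
const SECRET_FIELDS = new Set(['password', 'password_verify']);

// Build the sign-up return page body: echo what the user typed so they can
// confirm it, but never the secret fields, and escape everything echoed.
function renderConfirmation(submission) {
  const rows = [];
  for (const [name, value] of Object.entries(submission)) {
    if (SECRET_FIELDS.has(name)) continue; // do not write secrets back at all
    rows.push(`<tr><th>${escapeHtml(name)}</th><td>${escapeHtml(value)}</td></tr>`);
  }
  return `<table>\n${rows.join('\n')}\n</table>`;
}

// Show a posted code snippet: escaped, with sideways scrolling rather than
// wrapping (overflow: auto, as suggested in the message).
function renderSnippet(code) {
  return `<pre style="overflow: auto;">${escapeHtml(code)}</pre>`;
}

// Constructed sample submission.
const sample = {
  username: 'fp <admin>',
  email: 'fp@example.com',
  password: 'correct-horse',
  password_verify: 'correct-horse',
};

console.log(renderConfirmation(sample));
console.log(renderSnippet('IF: 1 < "10" & 2 > ""'));
```

The secret fields are skipped on the server side of the rendering, so nothing on the return page depends on the browser masking them.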

