Thanks for getting rid of auto-refresh. It sucked to have the page refresh while typing or scrolling.
Be careful when you do unicode. I know that's often requested, so it'll probably be done, but be aware it makes protection from injection attacks (including sql & script) much trickier. You probably want do do encoding on output and bound parameters on input, rather than trying to filter input.
The last day or two I had error saying I was posting from an open proxy, on multiple devices and networks. It
Does anyone actually want Unicode, or just a small subset of features missing from whatever encoding they now use, in the dominant encoding of the era? We've lived with parsimony for a long time now, just scrub everything in Unicode that isn't obviously a feature with a minimal down-side.
Here's a sane approach. Go to the New York Times or The Atlantic or the WSJ or The Economist, download the top 1000 articles from the last 100 days and include every character you consistently find there (plus obvious gap fillers). That's all I ever wanted. Few or none of these characters will facilitate injection attacks. Then people can suggest other parts of Unicode on a case by case basis.
Good grief, why would anyone adopt the whole seething enchilada all at once?
Because it's a website for geeks, and that includes geeky language stuff.
At the very minimum, Greek should be enabled to facilitate math.
Ideally, I'd want full Unicode. You never know when someone might need to post something interesting in Tibetan script, say (even if they still have to provide the translation, as well).
There are better ways of handling "injection" attacks than blacklisting most non-Latin alphabets.
The pound symbol would be nice. I know you can do it with some escape string thing, but screw that. I just want to be able to type. Euros, the east Asian currency symbol (the Y with two lines though it) as well.
Beyond that some ability to do basic maths stuff like Greek characters and some symbols would be good. Personally I'd like Japanese support as well, but I appreciate it's not something that would get used much.
In any case, the Soylent managed to do Unicode pretty quickly and it hasn't caused problems
Then people can suggest other parts of Unicode on a case by case basis.
Anything from the Latin codeblocks is pretty near essential.
Having access to the Greek, Cyrillic and CJK blocks would be nice the rare occasion the discussion turns towards a language, but I can live without them too.
The IBM purchase of ROLM gives new meaning to the term "twisted pair".
-- Howard Anderson, "Yankee Group"
Where's my UTF8? (Score:3)
Just kidding, I'm sure fixing slashcode for that is going to be a nightmare.
Re: (Score:5, Informative)
auto-refresh sucked. Beware UTF8 injections (Score:5, Insightful)
Thanks for getting rid of auto-refresh. It sucked to have the page refresh while typing or scrolling.
Be careful when you do unicode. I know that's often requested, so it'll probably be done, but be aware it makes protection from injection attacks (including sql & script) much trickier. You probably want do do encoding on output and bound parameters on input, rather than trying to filter input.
The last day or two I had error saying I was posting from an open proxy, on multiple devices and networks. It
Re:auto-refresh sucked. Beware UTF8 injections (Score:5, Interesting)
Does anyone actually want Unicode, or just a small subset of features missing from whatever encoding they now use, in the dominant encoding of the era? We've lived with parsimony for a long time now, just scrub everything in Unicode that isn't obviously a feature with a minimal down-side.
Here's a sane approach. Go to the New York Times or The Atlantic or the WSJ or The Economist, download the top 1000 articles from the last 100 days and include every character you consistently find there (plus obvious gap fillers). That's all I ever wanted. Few or none of these characters will facilitate injection attacks. Then people can suggest other parts of Unicode on a case by case basis.
Good grief, why would anyone adopt the whole seething enchilada all at once?
Re: (Score:2)
Because it's a website for geeks, and that includes geeky language stuff.
At the very minimum, Greek should be enabled to facilitate math.
Ideally, I'd want full Unicode. You never know when someone might need to post something interesting in Tibetan script, say (even if they still have to provide the translation, as well).
There are better ways of handling "injection" attacks than blacklisting most non-Latin alphabets.
Re: (Score:2)
The pound symbol would be nice. I know you can do it with some escape string thing, but screw that. I just want to be able to type. Euros, the east Asian currency symbol (the Y with two lines though it) as well.
Beyond that some ability to do basic maths stuff like Greek characters and some symbols would be good. Personally I'd like Japanese support as well, but I appreciate it's not something that would get used much.
In any case, the Soylent managed to do Unicode pretty quickly and it hasn't caused problems
Re: (Score:2)
I doubt you even get all umlauts from english sites.
Re: (Score:0)
Then people can suggest other parts of Unicode on a case by case basis.
Anything from the Latin codeblocks is pretty near essential.
Having access to the Greek, Cyrillic and CJK blocks would be nice the rare occasion the discussion turns towards a language, but I can live without them too.