I've finally hacked support for comments into my home-grown CMS. Following Simon Willison's lead, comments here are run through an XML parser to first check for well-formedness, then to ensure only selected elements and attributes are used.
I've opened comments on the two most recent entries to start. Let me know if you run into any problems posting, or if you think any of the error messages could be made more clear.
Here's a quick test of the allowed elements. There's a link in this sentence.
Some emphasized text. Strong text.
Some code:
#!/usr/bin/perlA citation: Bill Gates. This site uses CSS.
Well it appears to work rather well. I intend to do the same thing on a future si-blog, after I've figured out how to get mod_rewrite to work properly!
Will my details be cookified?
This is just another boring test comment.
Hey there. We use Simon's code on our blog and have found that url's with unescaped ampersand's fail, but the error message doesn't give much for advice.
So I've included the following help: "The validator will reject unescaped ampersands (including those in urls), however it won't provide a warning message, it will simply state "XHTML is not well-formed"."
Good point, Mike. I've hacked in a clearer message for comments that fail the parser's well-formedness check:
There was a bug that allowed javascript in the
namefield. Sorry to any of you exposed to the earth-shatteringly disgusting pictures to which at least one unscrupulous visitor was able to forward some visitors to this site.Unless, uh, you were into that sort of thing.
Individual entry archive pages are now dynamically generated. This is a test.