Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2012-08-24 20:02:04

argi
Plugin Author
Registered: 2012-06-17
Posts: 8
Website

[textile] TxStyle -- Documentation for Textile

As Textpattern is a flexible, elegant and easy-to-use CMS — Textile is an elegant and easy-to-use markup language. Logically, TxStyle shall be for Textile documentation.

Just an attempt to bring the documentation up-to-date, to honor Netcarver’s awesome work, and to show off the many improvements since 2.0. Perhaps this can be developed into an official Textile documentation.

Last edited by argi (2012-08-24 20:12:07)

Offline

#2 2012-08-24 20:29:34

maniqui
Member
From: Buenos Aires, Argentina
Registered: 2004-10-10
Posts: 3,070
Website

Re: [textile] TxStyle -- Documentation for Textile

Wow! Great work, argi!
And the site is running on Textpattern 4.5 beta.

PS: feel free to join #textile at freenode.net and hang out with the Textile pals (we are like… 3 or 4).


La música ideas portará y siempre continuará

TXP Builders – finely-crafted code, design and txp

Offline

#3 2012-08-24 21:09:57

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,839
Website

Re: [textile] TxStyle -- Documentation for Textile

Holy Friday Pyjamas, Batman. Top work.

Love the fact you can try out the stuff in real-time. As you’ve found though (most noticeable on the block code page) if you use <script> or <?php or a <txp:> tag, the result is actually executed and swallowed by the server, hence they don’t display formatted. Especially confusing when demonstrating bc.. Is there a way round this?

Anyway, that’s an awesome bit of work. Yes let’s revive talk of officialdom, taking into account the ports like Redcloth that you’ve mentioned in the footer links. Shhhhmokin’


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#4 2012-08-24 21:21:06

argi
Plugin Author
Registered: 2012-06-17
Posts: 8
Website

Re: [textile] TxStyle -- Documentation for Textile

Thanks Maniqui and Bloke, but actually the code is borrowed from Jason Garber’s RedCloth website. I don’t understand it anyway.

Bloke wrote:

the result is actually executed and swallowed by the server

This is on purpose and because of this line $text = strip_tags(trim($_POST['text']));, so that nobody would execute PHP or Javascript on my site.

Offline

#5 2012-08-24 22:21:42

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,839
Website

Re: [textile] TxStyle -- Documentation for Textile

argi wrote:

This is on purpose… so that nobody would execute PHP or Javascript on my site.

And very prudent of you. Somehow, we got round the <txp: restriction on the sitemonks site so those tags get returned. We just forbade <script> and <?php with an explicit “go away” message. Can’t remember how it was done offhand, but maybe you could ask net-carver if he remembers how he set it up to pass txp: tags through. Not important in the grand scheme of things, though. The fact you’ve updated this and made it run the latest Textile in such a neat fashion is great.

Last edited by Bloke (2012-08-24 22:22:54)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#6 2012-08-24 23:23:42

Gocom
Plugin Author
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: [textile] TxStyle -- Documentation for Textile

The site is great. Good job.

Just remember that strip_tags merely searches from left to right for < and suppresses anything up to the next >. Since it uses such safe approach, It should be safe, but I wouldn’t recommend filtering as the primary defense.

I would really recommend doing simple byte-safe sanitation. Just sanitize and encode the characters. No filtering, no parsing, no nothing. Just do a simple byte to byte replacement. Thing’s don’t get safer or simpler.

Plus, do NOT use Textpattern for the Textile parser. Run the Textile class separately, the site itself can use Textpattern. That removes any danger of Textpattern parsing injected Textpattern tags or executing PHP. When Textpattern isn’t involved responding to the Textile requests, the biggest danger is a client-side XSS and overflows.

Bloke wrote:

We just forbade <script> and <?php with an explicit “go away” message.

Throwing provoking message is not a good idea. Ends in tears, it’s a challenge. If you need do blocking, display a generic error page.

Last edited by Gocom (2012-08-24 23:27:45)

Offline

#7 2012-08-25 00:12:45

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 9,839
Website

Re: [textile] TxStyle -- Documentation for Textile

Gocom wrote:

Throwing provoking message is not a good idea

Sorry, bad choice of phrase. I didn’t actually mean “explicit” as in “ha ha, you stupid dolphin, you should try harder to hack, go and read Script Kiddie Vol. 1”. I meant “generic”, as in “We detected something was sent that we didn’t expect. Please try again”. AFAIR, it’s the same message if the input is genuinely mangled due to encoding, or if the server 500s or something. Been a while.

Last edited by Bloke (2012-08-25 00:15:59)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#8 2012-08-25 06:47:21

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 8,355
Website

Re: [textile] TxStyle -- Documentation for Textile

Wonderfully useful site. Thanks argi.


Yiannis
——————————
neme.org | hblack.net | State Machines | NeMe @ github
I do my best editing after I click on the submit button.

Offline

#9 2012-08-25 07:15:48

SuMu
Member
From: Germany - Wuppertal
Registered: 2008-03-06
Posts: 242
Website

Re: [textile] TxStyle -- Documentation for Textile

Thanks – Great work :-)


viele Grüße
SuMu

Psychomuell + blogZicke

Offline

#10 2012-08-25 07:20:58

jstubbs
Moderator
From: Hong Kong
Registered: 2004-12-13
Posts: 2,395
Website

Re: [textile] TxStyle -- Documentation for Textile

Lovely job!! Thanks.

Offline

Board footer

Powered by FluxBB