Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
[textile] TxStyle -- Documentation for Textile
As Textpattern is a flexible, elegant and easy-to-use CMS — Textile is an elegant and easy-to-use markup language. Logically, TxStyle shall be for Textile documentation.
Just an attempt to bring the documentation up-to-date, to honor Netcarver’s awesome work, and to show off the many improvements since 2.0. Perhaps this can be developed into an official Textile documentation.
Last edited by argi (2012-08-24 20:12:07)
Offline
Re: [textile] TxStyle -- Documentation for Textile
Wow! Great work, argi!
And the site is running on Textpattern 4.5 beta.
PS: feel free to join #textile at freenode.net and hang out with the Textile pals (we are like… 3 or 4).
Offline
Re: [textile] TxStyle -- Documentation for Textile
Holy Friday Pyjamas, Batman. Top work.
Love the fact you can try out the stuff in real-time. As you’ve found though (most noticeable on the block code page) if you use <script>
or <?php
or a <txp:>
tag, the result is actually executed and swallowed by the server, hence they don’t display formatted. Especially confusing when demonstrating bc.
. Is there a way round this?
Anyway, that’s an awesome bit of work. Yes let’s revive talk of officialdom, taking into account the ports like Redcloth that you’ve mentioned in the footer links. Shhhhmokin’
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: [textile] TxStyle -- Documentation for Textile
Thanks Maniqui and Bloke, but actually the code is borrowed from Jason Garber’s RedCloth website. I don’t understand it anyway.
Bloke wrote:
the result is actually executed and swallowed by the server
This is on purpose and because of this line $text = strip_tags(trim($_POST['text']));
, so that nobody would execute PHP or Javascript on my site.
Offline
Re: [textile] TxStyle -- Documentation for Textile
argi wrote:
This is on purpose… so that nobody would execute PHP or Javascript on my site.
And very prudent of you. Somehow, we got round the <txp:
restriction on the sitemonks site so those tags get returned. We just forbade <script>
and <?php
with an explicit “go away” message. Can’t remember how it was done offhand, but maybe you could ask net-carver if he remembers how he set it up to pass txp: tags through. Not important in the grand scheme of things, though. The fact you’ve updated this and made it run the latest Textile in such a neat fashion is great.
Last edited by Bloke (2012-08-24 22:22:54)
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: [textile] TxStyle -- Documentation for Textile
The site is great. Good job.
Just remember that strip_tags merely searches from left to right for <
and suppresses anything up to the next >
. Since it uses such safe approach, It should be safe, but I wouldn’t recommend filtering as the primary defense.
I would really recommend doing simple byte-safe sanitation. Just sanitize and encode the characters. No filtering, no parsing, no nothing. Just do a simple byte to byte replacement. Thing’s don’t get safer or simpler.
Plus, do NOT use Textpattern for the Textile parser. Run the Textile class separately, the site itself can use Textpattern. That removes any danger of Textpattern parsing injected Textpattern tags or executing PHP. When Textpattern isn’t involved responding to the Textile requests, the biggest danger is a client-side XSS and overflows.
Bloke wrote:
We just forbade <script> and <?php with an explicit “go away” message.
Throwing provoking message is not a good idea. Ends in tears, it’s a challenge. If you need do blocking, display a generic error page.
Last edited by Gocom (2012-08-24 23:27:45)
Offline
Re: [textile] TxStyle -- Documentation for Textile
Gocom wrote:
Throwing provoking message is not a good idea
Sorry, bad choice of phrase. I didn’t actually mean “explicit” as in “ha ha, you stupid dolphin, you should try harder to hack, go and read Script Kiddie Vol. 1”. I meant “generic”, as in “We detected something was sent that we didn’t expect. Please try again”. AFAIR, it’s the same message if the input is genuinely mangled due to encoding, or if the server 500s or something. Been a while.
Last edited by Bloke (2012-08-25 00:15:59)
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: [textile] TxStyle -- Documentation for Textile
Wonderfully useful site. Thanks argi.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Online
Re: [textile] TxStyle -- Documentation for Textile
Thanks – Great work :-)
Offline
Offline
#11 2012-08-26 19:54:28
- els
- Moderator
- From: The Netherlands
- Registered: 2004-06-06
- Posts: 7,458
Re: [textile] TxStyle -- Documentation for Textile
Great job, argi! Bookmarked.
Offline
Re: [textile] TxStyle -- Documentation for Textile
thumbs up, +10000 or whatever the status quo is :)
Thanks argi
Offline