next »

[antimatter15]

would this be the equivalent of sending an iframe pointing at a webpage via email?

[inp o҉rtb]

Yup! The only difference is that you're limited to Markdown and properly formatted XHTML. There is just one thing I have to fix -- you can package Javascript and CSS in your postings... that can't be good. Any ideas?

I've made some revisions to allow named contacts. When you enter a recipient, you can optionally specify an alphanumeric alias:
http://www.inportb.com/mailfeed/q.php/inportb shizzle
or
shizzle http://www.inportb.com/mailfeed/q.php/inportb

And the next time you want to select the same recipient, you can type simply:
shizzle

If you specify an alias for a different recipient, the new address overrides the old address.

[antimatter15]

Yup! The only difference is that you're limited to Markdown and properly formatted XHTML. There is just one thing I have to fix -- you can package Javascript and CSS in your postings... that can't be good. Any ideas?

I've made some revisions to allow named contacts. When you enter a recipient, you can optionally specify an alphanumeric alias:
http://www.inportb.com/mailfeed/q.php/inportb shizzle
or
shizzle http://www.inportb.com/mailfeed/q.php/inportb

And the next time you want to select the same recipient, you can type simply:
shizzle

If you specify an alias for a different recipient, the new address overrides the old address.

you can try out Google Caja for sandboxing your javascript execution (i have no freaking idea how it works though, it probably uses some unsupported technolory anyways....)

CSS is prettymuch harmless except if it overrides the MailFeed UI/other mail, and if you block out all expression() stuff.

it's great seeing all of this getting together

[inp o҉rtb]

Hm... the way Facebook does it, all your CSS classes are prepended with a specific string. Heck, I'll just strip out the <script> and <style> tags, then somehow remove some of the evil javascript attributes and the javascript: path. I'll leave the style attribute there for now. Time for some regex? =p

It would be nice if Javascript could be used to strip this stuff =p

And I'll check out this Caja stuff.

[antimatter15]

Hm... the way Facebook does it, all your CSS classes are prepended with a specific string. Heck, I'll just strip out the <script> and <style> tags, then somehow remove some of the evil javascript attributes and the javascript: path. I'll leave the style attribute there for now. Time for some regex? =p

It would be nice if Javascript could be used to strip this stuff =p

And I'll check out this Caja stuff.

anything's possible. especially with good regexps. but anything other than a real js interpreter can be tricked.

[inp o҉rtb]

Okay, we now have some rudimentary protection against problematic tags and attributes. It's a client-side solution; all the server does is pass around bits of text.

[antimatter15]

Okay, we now have some rudimentary protection against problematic tags and attributes. It's a client-side solution; all the server does is pass around bits of text.

that's good, so the protocol is really extensible .

[inp o҉rtb]

Indeed. The Markdown rendering is not a default feature either, but requested by the client.

Tagging is now implemented, but filtering by tags is still being developed. Two types of records are subject to tagging: compositions and inbox notifications. Compositions are tagged with keywords related to the composition, which will help with sorting. When a notification is sent to a recipient, these keywords are sent along as foreign tags; that is, they are hints to help the recipient classify the notification. The notification entry also has a regular set of tags which are to be used for sorting purposes.

I believe a trash mechanism can be built on top of this with tag-based exclusion and inclusion in the display.

[cms07]

inportb, sign me up!
This is a great idea!
What was I thinking earlier?

[antimatter15]

what if the sending mail server crashed? with traditional email, as long as your email service is online, you will be still able of getting the message, but with your method, if any of the servers crashed, the email would be unaccessable.

[inp o҉rtb]

Actually, only the sending server needs to be up for mail to be accessible. The receiving server only needs to be up for notification delivery (ideally, the sending server would try again later if the receiving server is not available). With traditional email, the receiving server needs to be up to receive the message. The sending server only needs to be up for a moment to send the message.

Yes, there is more chance for delivery failure. But if you think of it, well-established servers are not down very much, and buffering techniques can be implemented to queue missed messages. Most of the time, a server is "down" because the address is incorrect.

CMS07, I've PM'ed you with an invitation =DI got rid of the table in the registration form and improved the forms overall. The dates displayed are now human-friendly, showing the time of day if it's less than 24 hours from now, the day of year if it's less than a year from now, and the full date otherwise. There have been no serverside changes. I would love to hear your comments on the new forms.

[antimatter15]

is there any way to know if someone modified their email?

[inp o҉rtb]

Only by checking if the notification's time of arrival has changed. So if you didn't check your mail in time to see the earlier revision, then you would not know that you're looking at an edited message.

I've been making heavy modifications to the presentation. There's a new universal sidebar; none of the items on there works except for the registration form and the W3C button. While making the modifications, I discovered that Firefox is just as broken as IE when it comes to inline-blocks Fulltext searching has been implemented. Just type in some keywords in the search box (third one down) on the sidebar and click "Update List" in either the "Read" or "Compose" screens, and the listing will be updated with matches. When searching your own posts in "Compose", the title and body are searched. When searching your inbox in "Read", the title is searched.

There's also tag-based filtering, which can be used simultaneously with the fulltext search. You can filter the results for entries containing your tags of choice, without certain tags, or both.

Oh yeah. We have a new logo Custom CSS is fun to play with. To use the feature, you have to first type in some styles in the Configure tab. Then logout, check the "custom css" box in the sidebar, and log back in. New styles are applied upon login only, and are removed upon logout. If you make a bad mistake, you can uncheck the checkbox, which uses a cookie to maintain state. Documentation for this feature is in the oven

[antimatter15]

make sure you block out all

background-img: url('javascript:doevil()')

and

background-color: expression(weee, i'm killing ur browser, even though it's only IE that get this problem)

actually, nvrm. cause only ie gets this probmem so it's like an incentive to ditch ie

for some reason, this resembles a sort of private forum

[inp o҉rtb]

While what people send to each other has to be filtered, if someone wants to screw himself over, that's his own business...
And I do want to give users every possible freedom, including the ability to shoot themselves in the foot. Just not each other.

I'll have to standardize the class names. For a simple test, try div {color: red}

Also coming up [possibly] is a personal profile page for each user. I think I'll keep it at one page only, since I don't want to run a Web hosting service here ;]

I'll consider creating a standalone forum once it can be justified; for now, I'll just drive moe traffic here =p

[iKsbjA]

Is anyone willing to help test this system? I'm ready to dish out private testing invitations

I'd like to... 

[antimatter15]

you know when you are in a text box, you see this blinking | thing that signifies your current position, and that the textbox has focus? and over normal text areas, you see this select cursor, which isnt apparent in your textboxes either. well, i cant see it on any of the textboxes/areas and it sorta bothers me

sorry for bringing up such an unimportant topic

[inp o҉rtb]

I am aware of this issue, which only occurs in Firefox. Something special happens to it, apparently. I am currently researching the case of the mysterious i-beam disappearance

Thanks for bringing that up.

Is anyone willing to help test this system? I'm ready to dish out private testing invitations

I'd like to... 

Awesome! I'll PM you one now.Strangely, the i-beam returned. Do you still have that problem?

[antimatter15]

hmm... so that's what it's called? an I beam?

yeah, it's fixed

[inp o҉rtb]

Darn, I did some tweaking and now it's gone again. It looks like a well known Firefox redraw bug. Hmmm...Okay, I see that it's because I'm clearing the password field when you submit your credentials... I do this for security reasons, in case another script is somehow sniffing at the page. For now, I've got an ugly hack in place just for Firefox -- the password-clearing code is executed in a setTimeout context with a timeout of zero; all other browsers get the normal behavior.

Is this a problem with any other browsers? I sure hope not...Custom profiles have been activated. Members can write a short bit of (X)HTML to describe themselves.

Here's an example: http://www.inportb.com/mailfeed/q.php/inportb
For convenience, the URL is the same URL that you use as your mailing address.

I'll add a default profile (if you have a blank profile), in case the bad guys start using bots to determine who has accounts.