Thursday, 2009-02-19

*** tpb has joined #melange00:00
*** tlarsen|afk has quit IRC00:01
*** dmitrig01 is now known as dmitrig01|afk00:31
*** dmitrig01|afk is now known as dmitrig0101:03
*** penyaskito has quit IRC01:45
*** SRabbelier has joined #melange02:04
*** ChanServ sets mode: +v SRabbelier02:04
*** dmitrig01 has quit IRC02:36
*** mithro has quit IRC04:37
*** mithro has joined #melange05:05
*** ChanServ sets mode: +v mithro05:05
*** MatthewWilkes has joined #melange07:09
*** madrazr has joined #melange09:38
*** madrazr has left #melange10:04
*** MatthewWilkes is now known as mwilkes|call10:25
*** tlarsen has joined #melange10:27
*** ChanServ sets mode: +o tlarsen10:27
*** madrazr has joined #melange10:31
*** mwilkes|call is now known as MatthewWilkes11:35
*** dmitrig01|afk has joined #melange12:43
*** ChanServ sets mode: +v dmitrig01|afk12:43
*** lisppaste9 has quit IRC12:52
*** r0bby has quit IRC12:52
*** lisppaste9 has joined #melange12:54
lhfor those about to join the melange bi-weeky call, we'll use the same dial-in number we always do12:56
lhwill send it to you via email12:56
*** Lennie has joined #melange12:58
*** ChanServ sets mode: +v Lennie12:58
Lennieello12:59
MatthewWilkesmoin Lennie12:59
*** solydzajs has joined #melange13:01
*** ChanServ sets mode: +o solydzajs13:01
* Lennie shreds solydzajs with a chainsaw13:03
Lenniesolydzajs13:03
Lennieon your way?13:03
tlarsenlh: it wasn't on my calendar.  Should I call in?13:05
*** dmitrig01|afk is now known as dmitrig0113:14
*** scorche has quit IRC13:21
*** scorche has joined #melange13:22
*** MatthewWilkes has quit IRC13:39
Lenniethat went well for a change :P13:45
tlarsenI guess I won't work on the Document import feature in my spare time, since it doesn't seem important.13:45
Lennieit is important, but not within the timeframe we have ^^13:46
tlarsenI was just going to create a view that didn't run TinyMCE.13:46
tlarsenLennie: well, I wasn't planning on working on anything else, just what interested me.13:46
Lenniehmm13:46
tlarsenLennie: (and doing Google's releases)13:46
Lenniedoes TinyMCE support adding raw html?13:46
Lennielike does it have a button that can do that13:46
tlarsenLennie: I don't think so.13:46
tlarsenI was just going to create a view with a regular (non-TinyMCE) textarea.13:47
tlarsen(and call it "Import")13:47
Lenniehaha13:47
Lennienopoo13:47
Lennienoo13:47
Lenniego to melange-demo :D13:47
Lenniedo user13:47
Lenniecreate document13:47
Lennieand hit the HTML buttoN ^^13:47
Lennieand see if it works with your exported stuff :D13:47
tlarsenAh, nice.13:48
tlarsenThere are a lot more TinyMCE buttons enabled than before.13:48
Lennieyosh13:48
tlarsenLennie: How do we defend against XSS?13:48
Lennieon request of Leslie13:48
LennieI have no idea what they've built-in to TinyMCE to protect that13:48
Lennieinstead of implementing import you can try and find out if it withstands XSS13:49
Lennieif so13:49
Lennieyou are done :)13:49
tlarsenThe way I prevent XSS in Google Python web apps is to use a feedparser whitelist of tags.13:49
tlarsenfeedparser is *very* good, even filtering obscurely escaped stuff and the like.13:50
Lennieput it in the document field cleaner function?13:50
tlarsenLennie: Looks like Pawel is already working on it:  http://code.google.com/p/soc/issues/detail?id=7813:51
tpb<http://ln-s.net/2ssy> (at code.google.com)13:51
Lennieold13:52
Lennieyou can take the task from him, I'm sure he wont mind13:52
Lennieit was never assigned to him directly anyway13:52
Lennieoh it was13:52
Lennieby you :P13:52
Lennieoct 15th 200813:53
tlarsenBecause he asked me to.13:53
Lenniecan you just try a piece of script in the HTML box?13:54
Lennieand see if it fails13:54
Lennieif so we can bump the priority13:54
Lennieand fix it13:54
Lenniehmm13:55
Lennie<script type="text/javascript"><!--13:55
Lenniefasdasdfsadf13:55
Lennie// --></script>13:55
Lennieis what it become13:55
Lenniebecomes13:55
Lennieseems like it comments out whatever is inside?13:56
*** penyaskito has joined #melange14:04
solydzajstlarsen: TinyMCE has built in XSS protection on client side14:08
solydzajstlarsen: question is whether we want to add additional check on server side ?14:08
*** madrazr has left #melange14:09
solydzajsLennie: yep but it's only client side14:12
Lennieadd a clean for the document form and be done with it :)14:12
solydzajsLennie: I'm wondering whether do it on server side14:12
Lennieyou'll have too14:13
Lenniepost attacks?14:13
Lennie*to14:13
tlarsenSRabbelier: If you remove the Export button funtionality, I will commit it back.14:17
SRabbeliertlarsen: tally ho14:17
tlarsenSRabbelier: Please don't remove stuff that is working.14:17
SRabbeliertlarsen: it's a duplicate :)14:18
tlarsenSRabbelier: I merely closed the bug to make it clear that we don't need to implement the Import feature for now.14:18
tlarsenSRabbelier: Ummm, no it *isn't*.14:18
tlarsenSRabbelier: Unless you enjoy six pain-in-the-ass steps instead of a single click.14:18
tlarsenSRabbelier: See my reply in the issue tracker.14:18
SRabbelierkk14:19
Lennieexport is still in :S14:20
Lennietodd14:21
Lenniecan you make the export button return a html file14:21
Lennieinstead of something without extension?14:21
SRabbelierLennie: maybe .txt?14:22
SRabbelierLennie: since for most users .html files will open in their browser14:22
SRabbelierLennie: which is probalby not the desired behavior14:22
tlarsenLennie: Yeah, it is set to text/ascii on purpose, so the browser will download ti.14:23
tlarsenErr, "it".14:23
tlarsenI hacked that together, which is why it doesn't suggest a better filename.14:23
tlarsenBut, it *does* work.14:23
tlarsenSRabbelier: You could still make the filename end in .html.14:24
Lennieyou can force it to be downloaded anyway14:24
Lenniedepending on the mimetype :P14:24
tlarsenSRabbelier: The browser won't display it if the MIME type is text/ascii.14:24
Lennieidd14:24
SRabbeliertlarsen: but won't windows open it in your browser by default  if it ends in .html?14:24
SRabbelierlike, if you save it to your desktop, and then click it?14:25
tlarsenIf it is saved as a file and you click on it, yes.14:25
Lennie(he's got a point :D)14:25
tlarsenSRabbelier: The browser won't if the HTTP Content-Type is text/ascii.14:25
SRabbelierif we're babbling about ease of use, it would go from having to right-click the file and do 'open with', which might take up to a minute to open on your regular windows box... to just clicking it14:25
tlarsenSo, it will get downloaded the first time, because the server tells the browser it is text/ascii.14:26
durin42tlarsen: ISTR some browsers show text/ascii, not download14:26
durin42but I could be wrong.14:26
tlarsenSRabbelier: I already think the Import stuff sucks.  See:  http://code.google.com/p/soc/issues/detail?id=19114:26
tpb<http://ln-s.net/2ste> (at code.google.com)14:26
SRabbeliertlarsen: feel free to implement :)14:26
tlarsendurin42: Sure, but when you save it, it will be text (not one of those funky HTML with images folder monstrosities).14:26
tlarsenSRabbelier: I am not implementing any Melange features for the time being.14:27
SRabbeliertlarsen: ok, then dont' expect it to be fixed anytime soon :)14:27
tlarsenSRabbelier: its Priority and Milestone are suitably low for now.14:27
Lennieyeah14:27
tlarsenSRabbelier: Ummm, I'm not.14:27
SRabbelierunless some new contributor picks it up14:27
Lennie^^14:27
SRabbeliertlarsen: good :)14:27
tlarsenSRabbelier: The issue tracker is to keep a record of things to get done (even eventually), and for other new contributors to get ideas on what they would like to work on.14:27
tlarsenSRabbelier: This is open source, you can't force people to create a patch for the thing *you* want fixed.14:28
SRabbeliertlarsen: oh, sure, it _should_ go in the issue tracker :)14:28
Lennieit's already in the issue tracker14:28
tlarsenSRabbelier: So, I err on the side of documenting everything to give future contributors ideas.14:28
Lenniehe posted the link :P14:28
SRabbelierLennie: I know... -_-"14:28
tlarsenSRabbelier: So, I'd really, *really* appreciate it if you'd stop with the trite "you are welcome to implement it" crap every time I have an idea to make the app better.14:29
SRabbelierLennie: in English you can say "It should" even if referring to something that already happened :P14:29
tlarsenSRabbelier: I don't have time to code on Melange right now.14:29
tlarsenSRabbelier: So, keeping the issue tracker up-to-date is the best I can do for the moment.14:29
SRabbeliertlarsen: I will try14:29
SRabbeliertlarsen: I apologise14:29
tlarsenSRabbelier: Thanks.  I'm sorry for getting annoyed.14:29
Lenniewe are all annoyed, deadlines ftw :D14:30
SRabbelier:)14:30
SRabbelieryeah, I agree14:30
Lennieanyhow14:30
LennieChris the babarian was happy14:30
tlarsenI would like to mentor a GSoC student for Melange.  I will have more time this summer (house will be done, something I'm working on within Google will be farther along and running in production).14:30
Lennielets keep it that way :p14:30
tlarsenThe crew is hanging the drywall currently, since we finally passed the rough framing inspection.  They expect to be done hanging tomorrow.14:31
tlarsenThe drywall finishing crew starts on Monday.14:31
SRabbeliertlarsen: what's left to be done after the drywall?14:31
Lenniethey have different crews for that :P?14:31
SRabbelierLennie: they have different crews to screw lightbulbs out and to put the new one int! :P14:32
SRabbelierLennie: separation of responsibilities! :D14:32
LennieSRabbelier: you mean their brain can't handly the complete replacement process?14:32
SRabbelierLennie: well... that's another way of putting it :P14:32
tlarsenLennie: The drywall "guy" subs out the hanging and then comes in and does the finishing himself.14:33
tlarsenSRabbelier: painting, trim work, having the kitchen cabinets installed (they are already on-site).14:33
Lennietlarsen: k14:33
tlarsenSRabbelier: final electrical, HVAC, and plumbing work14:33
Lennietlarsen: looks like it is finally getting along?14:33
SRabbeliersolydzajs: can you add http://feedparser.googlecode.com/svn/trunk/ as a thirdpary?14:33
tpbTitle: feedparser - Revision 291: /trunk (at feedparser.googlecode.com)14:33
Lennietlarsen: oo plubming and electrical, you're not done yet :D14:33
SRabbelier**thirdparty14:33
SRabbeliertlarsen: so it should soon be at least 'livable'?14:33
SRabbelier**liveable14:34
*** solydzajs has quit IRC14:34
Lenniecrashing pawel hurray14:34
SRabbelierI think I scared him off :P14:34
LennieI'll be back in 3014:37
*** Lennie is now known as Lennie|Gone14:37
*** solydzajs has joined #melange14:40
*** ChanServ sets mode: +o solydzajs14:40
*** lh has quit IRC14:46
*** solydzajs has quit IRC14:50
*** tlarsen is now known as tlarsen|afk14:52
*** Lennie|Gone is now known as Lennie15:08
SRabbeliertlarsen|afk: ping?15:26
*** tlarsen|afk is now known as tlarsen15:33
tlarsenSRabbelier: Yes?15:33
SRabbeliertlarsen: can you see if the issue is addressed?15:33
SRabbeliertlarsen: oh, that was fast15:33
SRabbelierlol15:33
tlarsenSRabbelier: what issue?15:34
SRabbeliertlarsen: the one you just patched on top of15:34
SRabbelierI thought we agreed we want .txt even for documents, for ease of opening?15:34
tlarsenSRabbelier: you are welcome to change it.15:34
SRabbeliertlarsen: oh... I see now, my commit didn't even  go through15:34
tlarsenSRabbelier: I did it that way as an example of the difference between Model-specific extensions and DEF_EXPORT_EXTENSION.15:34
SRabbeliertlarsen: you should put the default export in params instead15:35
SRabbelierparams.py that is15:35
tlarsenOK, feel free to fix it the right way.  :)15:35
SRabbelierwill do :)15:35
tlarsen(sound familiar? :)15:35
* tlarsen is teasing SRabbelier15:36
SRabbeliertlarsen: I don't mind :)15:36
*** tlarsen is now known as tlarsen|afk15:37
Lennietlarsen|afk16:00
Lennienext time you commit something about an issue you can just put Issue <issuenr> there instead of the complete link16:00
Lenniejust like r1932 is automatically parsed it also does that for issues16:00
Lennieunless ofcrouse you explicitly want to add the link to the issue, which is fine :P16:00
*** penyaskito_ has joined #melange16:10
*** penyaskito has quit IRC16:28
*** tlarsen|afk is now known as tlarsen16:39
tlarsenLennie: I had the link handy from an open browser tab.  I wasn't sure of the syntax in the comment that would auto-magically be linked.16:40
Lennie:)16:40
*** tlarsen is now known as tlarsen|afk16:51
*** N4L|Lennie has joined #melange17:04
*** Lennie has quit IRC17:04
*** N4L|Lennie has quit IRC18:05
*** SRabbelier has quit IRC18:33
*** mithro has quit IRC18:50
*** sandy|lurk has quit IRC19:00
*** sandy|lurk has joined #melange19:00
*** MatthewWilkes has joined #melange19:02
*** tlarsen|afk has left #melange19:05
*** MatthewWilkes has quit IRC19:22
*** tansell-laptop has joined #melange19:49
*** dmitrig01 has quit IRC20:22
*** dmitrig01|afk has joined #melange20:22
*** ChanServ sets mode: +v dmitrig01|afk20:22
*** tansell_laptop has joined #melange21:17
*** dmitrig01|afk has quit IRC21:17
*** tansell-laptop has quit IRC21:34
*** tansell__laptop has joined #melange22:16
*** tansell_laptop has quit IRC22:19
*** r0bby has joined #melange22:27
*** r0bby has quit IRC22:34
*** r0bby has joined #melange22:57
*** tansell_laptop has joined #melange23:00
*** tansell__laptop has quit IRC23:00
*** dmitrig01|afk has joined #melange23:15
*** ChanServ sets mode: +v dmitrig01|afk23:15
*** tansell__laptop has joined #melange23:21
*** tansell_laptop has quit IRC23:21
*** dmitrig01|afk has quit IRC23:21
*** dmitrig01|afk has joined #melange23:51
*** ChanServ sets mode: +v dmitrig01|afk23:51
*** dmitrig01|afk has quit IRC23:53
*** mithro has joined #melange23:58
*** ChanServ sets mode: +v mithro23:58

Generated by irclog2html.py 2.13.1 by Marius Gedminas - find it at mg.pov.lt!