superuser2

  1. FF2 Mac and Safari look good. Not quite sure whether this is intentional but there is no space between the mail icon and the text, looks kind of odd. You may want to add one (use )
  2. Validation has been implemented, this means form fields can't be blank and email addresses must look real to be confirmed. To test out the improved system, I have flushed the database, so any and all existing threads and messages are gone. Images: but Forums allow dynamic images - how do they keep it safe? I want to have images allowed and do not have the resources to host the images myself. Can someone more clearly explain how one could Cross Site Script with an image?
  3. Okay, so form validation I will do... Your email address is your identity on Threadify, so the system kinda needs to be sure it's yours. I suppose I could do openId... in fact, should I? What do people think of that?
  4. I am unable to recreate the problems encountered with the input filter. Will those experiencing problems please send me a Personal Message telling something I can find the thread by (your email, your secret URL, your thread title or message body)? Thanks. To prove I do indeed own it I have posted a message at: http://sudo2.com/labs/Threadify/phpfreaks.html stating that I do indeed take responsibility for this message and that I am who I say I am. I have it set to allow "b", "i", "u", "br", "p", "a", and "img", so those ought to come through. I completely remove any other Javascript or other element. Bold, underline, italic, line breaks, paragraphs, links, and images are all perfectly appropriate in the context of a private forum thread, I think. Please let me know if something is leaking through.
  5. Hmm... so it looks like the filtering class I'm using isn't very good. I'll have to find another. But it's late, so that goes on my todo list. Thanks for finding that. Beate, that might be because you're putting them in on the wrong parameter (if I recall correctly there's one for the tags to blacklist and another for the tags to whitelist or something like that).
  6. Gmail deals with messages in threads, yes, but how well does it handle discussions between more than two people? Not very well in my experience.
  7. Dsaba, Thanks. I found a good input validation class at PHPClasses.com: http://www.phpclasses.org/browse/package/2189.html I set it to filter all HTML and Javascript except for the tags I've whitelisted (like <b>, <i>, <u>, <a>, <br> to name a few). Works quite well.
  8. Okay, XSS filtering was implemented. Anything else?
  9. And now XSS filtering has been implemented.
  10. Dsaba, That's a really good idea. I looked at it again and saw that. I've made the text smaller, and only the original message has a drop shadow. They're a lot closer together. How's that?
  11. What is it? - Sorry, I didn't give the homepage URL. I have a description there, is that adequate? Filtering: thanks for that. I'll work on it. I'm thinking I'll just filter Javascript and allow HTML. http://sudo2.com/labs/Threadify/
  12. Sorry. That feature kinda wasn't implemented yet. I just wrote that function before checking this thread again. How is it now?
  13. Hello everyone, I'd like a review of my webapp, Threadify. What I'm looking for: 1. Is it easy to use? Usability is my #1 concern here. 2. Is it useful? Would you use it? 3. I don't consider my design ugly, but it's not really visually appealing either. Any thoughts on improving that? 4. Anything, anything at all that can be improved? As per the guidelines of this section, a "test" thread: http://sudo2.com/labs/Threadify/thread/18/51553074/ - Can manage sharing; it's the thread creator's secret URL. http://sudo2.com/labs/Threadify/thread/18/68587503/ - A regular person's URL; cannot manage sharing. To clarify: both URLs are for the same thread. The homepage URL is: http://sudo2.com/labs/Threadify/thread/18/68587503/ There's no need to create a new thread, but you can if you want to.
  14. Hello everyone, I'd like to have my site, Threadify, tested. What I am looking for: a) Is there anything that doesn't work? b) Is there anything that isn't easy-to-use? c) Is there anything that should be improved? http://sudo2.com/labs/Threadify/
  15. Works for me as well. You generally want to tell people the validation rules before they submit the form and have to start all over, that's the only thing I can think of.