#saltr
/2026/05/09
dr|z3d zzz: somewhat better md coverage, without the 70K convertor dependency: github.com/I2PPlus/i2pplus/commit/c362fa818c7ef3b2799837b1a64435f5aaf79594
zzz dr|z3d, how you doing on the i2ptunnel links?
dr|z3d finished.
zzz ok will take a look
zzz not sure why I get any credit for that
dr|z3d i2ptunnel, note the zero css changes.
dr|z3d well, you named the file :)
zzz what's the 'form id in a button' html feature called so I can read up on it?
zzz thx
dr|z3d markdown -> html isn't perfect, at least for the bootmlineit report, but it may be on account of malformed markdown being supplied.
dr|z3d lists, tables, codeblocks, all handled. custom classes supported for various html elements so you can style as you wish.
zzz I'll pass on it
dr|z3d as you wish.
dr|z3d the main motivation, as discussed, was to get the report not looking like a dog's dinner in susimail.
dr|z3d you should know that the version you're using is potentially dangerous. whether you take my update or not, you may want to look into it.
zzz how so
dr|z3d 1. No URL scheme validation - attributeSafeUrl doesn't block dangerous schemes:
dr|z3d 2. No input validation - makeHtml accepts null/undefined/large inputs without checks
dr|z3d 3. No error handling - Malformed input throws uncaught exceptions
dr|z3d 4. Plugin hook exploitation - pluginHooks system allows HTML injection if hooks can be modified
dr|z3d 5. No size limits - Vulnerable to DoS via huge payloads
dr|z3d 6. Complex unauditable codebase - 1700 lines of Perl-ported regex, hard to security review
zzz only 1. sounds "dangerous"
dr|z3d well, that's a short audit. make of it what you will.
dr|z3d if you're sticking with what you're using, github.com/showdownjs/showdown is the current, rewritten version.
dr|z3d only 204K. tiny :)
zzz you should point your AI at your own js
dr|z3d I have. It's been through a couple of audits from different models.
dr|z3d and it'll get some more auditing, I'm not done yet.
zzz looks like I got that js from stack exchange but sadly didn't put source or version into the checkin comments
zzz unfortunate
dr|z3d your version is probably not far off this one: code.google.com/archive/p/showdown
zzz anyway it was chosen for being battle tested by stack exchange, and I beat it around pretty good during eval and testing
zzz maybe there's some successor project or fork that's similar
zzz but I'll stick with it over something you vibed up yesterday ))
zzz ewww I see what you did with creating client/server forms in a loop at the bottom
zzz did you have to do that? couldn't you have put name=tunnel value=<%=curServer%> in the button????
dr|z3d probably, I'll have a look at it.
dr|z3d I was focused more on getting the javascript to behave, so it's time to revisit this and optimize.
zzz I think the top buttons stop/start/restart all can be inside a form normally, they don't need the external form trick
zzz just the per-tunnel buttons need it
dr|z3d sure, up to you. putting all the forms at the bottom of the page does keep things separated, mind.
sidereal wb z3d
dr|z3d thanks, sidereal
zzz you did that the opposite of what I suggested but better than nothing
dr|z3d there we go, more markdown -> html hardening. proper DOMParser based sanitization. what's not to love? :)
zzz ok got the external forms kinda working, that's the trick we needed
dr|z3d re value=<%=currServer%>, um, no?
dr|z3d the value is not the id of the server, the value is the action.
zzz not if you set name="tunnel" and make the action hidden in the form. you did the opposite, so you end up with one form per tunnel, instead of one form per action
zzz I have two forms, one for start and one for stop, no matter how many tunnels
dr|z3d either works, no big deal.
dr|z3d but I'll concede there's a slight efficiency in your method.
zzz I'm working on adding P-R-G now
zzz don't forget to grab the nonce refactor
zzz also replace %20 with ' ' in actions as it gets snagged by the XSS filter if haven't hit that yet
dr|z3d ok, will do, thanks, good call.
zzz P-R-G pushed