-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Simetrical wrote:
Well, I've said all that to Brion, but he didn't agree. :) He wants to get rid of all HTML-permitting messages. Actually, I think part (most? all?) of his concern is that sysops shouldn't be expected to know HTML, or to be capable of outputting remotely valid HTML, and so formatting should always be achieved via wikitext. Or something like that. It's been a while.
It sounds like (and I don't know what Brion is thinking, but here's my humble opinion) Brion is calling for a separation Wikitext and HTML/JavaScript, although not for security reasons. Monobook.js must be written in JavaScript--that's the nature of the beast; however, a system message should not have JavaScript or HTML, using Wikitext when possible. (Note that Wikitext contains HTML-like constructs, but they're guarded by validation routines).