H. G. Muller wrote on Sun, Dec 11, 2022 04:26 PM UTC in reply to Fergus Duniho from 03:26 PM:

The table with pieces (from which in the next step you would have to drag the pieces to the board) does not appear. I suspect this is a consequence of the corruption earlier on the page, which inserted an extra Diagram on the page. This confuses the script as to which table it should insert the pieces you select in. Each Diagram comes with a table, even if that table is hidden by default.

There originally was one other Diagram in the introduction, and when the Wizard is opened it erases that Diagram to prevent this problem. But the corruption created a new table by transforming the visible text for what you would have to insert to embed a Diagram into an active Diagram, by replacing the &lt; that was 'disarming' it into actual < characters. When you select pieces a lot of activity occurs in that location. (All error messages, because the original text only showed the enclosing HTML tags without actually having the content between them to specify a valid Diagram. That makes sense, as for each piece you add to the Diagram it tries to recreate the Diagram with the new parameters. But it recreates the parasitic Diagram instead of the one in the Wizard.)

I have been studying the membersubmission PHP scripts yesterday to repair my lack of understanding on what is going on. (I actually went so far as to copy some, and modify those to see what would happen. More about that later.) As I understand it now the function htmlspecialchars() acts on what is in the database to display it in an HTML textarea. And when this text is submitted htmlspecialchars_decode() reverses the substitution. This indeed should not surreptitiously alter untouched text in the database. So I still don't understand how this could have led to corruption: originally there was a &lt; in the database; it should have been converted to &amp;lt; for editing, and then back to &lt; on storing. It seems like htmlspecialchars_decode() has been acting twice on it, also decoding the &lt; that resulted from the decoding of the &amp;.

Anyway, the problem with this strategy (when it would work correctly) is not so much with altering untouched text, but altering what an unsuspecting user creates as new text. To get &lt; in the database, he should perform a mental htmlspecialchars() on it to encode it (typing &amp;lt; when he wants to see &lt; in the article). This indeed seems to result in the desired effect similar to the new method with chr that you created.

Both methods have the problem that the editing user would not know this has to be done.

I still wonder why we are doing all this encoding and decoding anyway. As far as I could determine text inside textarea tags is completely displayed 'as is', there is no interpretation of HTML tags or escaped characters. The only thing that is interpreted is a closing /textarea tag. (Just like the only thing you cannot have in embedded JavaScript is a closing /script tag, not even between quotes!) So to minimize the possibility for unwanted side effects it would be better to only encode and decode that closing /textarea tag for editing. Even if a user would not know about this encoding, and type a normal /textarea tag, this would then not be recognized by the decoding (which only hunts for encoded tags), and end up in the database exactly as he wants.
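
An added example, not part of the comment above and not the site's own scripts: a PHP simulation of the edit round trip under discussion, comparing a save handler that calls htmlspecialchars_decode() with one that stores the submitted value unchanged. It models the browser as decoding character references inside the textarea once before submitting; the function names and the sample text are constructed for illustration.

```php
<?php
// Added illustration; function names and sample text are constructed.

// Stored text that SHOWS markup to the reader: the tag is "disarmed" as &lt;.
$stored = 'To embed one, write &lt;div class="example"&gt;...&lt;/div&gt;';

// Server, edit page: escape the stored text before placing it in <textarea>.
function render_for_edit(string $db): string {
    return htmlspecialchars($db, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Browser: <textarea> content is parsed as RCDATA, so character references
// are decoded once; the decoded value is what the form submits.
function browser_submit(string $textareaHtml): string {
    return html_entity_decode($textareaHtml, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Save handler that decodes again on top of the browser's decode.
function save_with_decode(string $posted): string {
    return htmlspecialchars_decode($posted, ENT_QUOTES | ENT_HTML5);
}

// Save handler that stores the submitted value unchanged.
function save_unchanged(string $posted): string {
    return $posted;
}

$posted = browser_submit(render_for_edit($stored));

$results = [
    'decode on save'  => save_with_decode($posted),
    'store unchanged' => save_unchanged($posted),
];

foreach ($results as $label => $saved) {
    $live = preg_match('/<[a-z\/]/i', $saved) === 1;   // raw tag now present?
    printf("%-16s same as before edit: %-3s live markup: %-3s\n  %s\n",
        $label,
        $saved === $stored ? 'yes' : 'no',
        $live ? 'yes' : 'no',
        $saved);
}
```

Untouched text survives an edit only when the number of encodes on output matches the number of decodes on the way back in; any extra decode turns displayed markup into active markup in the database.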

