>> enough already. Indeed, this very page would accidentally get matched by rules
>> aiming to control comment-posting... :-) --[[smcv]]
-Directives and raw HTML are filtered out by default, and comment authorship should
-hopefully be unforgeable by CGI users.
+>> The best reason to keep the pages internal seems to me to be that you
+>> don't want the overhead of every comment spawning its own wiki page.
+>> The worst problem with it though is that you have to assume the pages
+>> are mdwn (or `default_pageext`) and not support other formats.
+
+>> By the way, I think that who can post comments should be controllable by
+>> the existing plugins opendiscussion, anonok, signinedit, and lockedit. Allowing
+>> posting comments w/o any login, while a nice capability, can lead to
+>> spam problems. So, use `check_canedit` as at least a first-level check?
+>> --[[Joey]]
+
+When using this plugin, you should also enable [[htmlscrubber]] and either [[htmltidy]]
+or [[htmlbalance]]. Directives are filtered out by default, to avoid commenters slowing
+down the wiki by causing time-consuming processing. As long as the recommended plugins
+are enabled, comment authorship should hopefully be unforgeable by CGI users.
> I'm not sure that raw html should be a problem, as long as the
> htmlsanitizer and htmlbalanced plugins are enabled. I can see filtering
>> directives is more a way to avoid commenters causing expensive processing than
>> anything else, at this point.
>>
->> I've rebased the plugin on master and made it sanitize individual posts' content now.
->> Disallowing HTML is still optional and on by default, but it's trivial to remove
->> the code. --[[smcv]]
+>> I've rebased the plugin on master, made it sanitize individual posts' content
+>> and removed the option to disallow raw HTML. --[[smcv]]
+
+>> There might be some use cases for other directives, such as img, in
+>> comments.
+>>
+>> I don't know if meta is "safe" (ie, guaranteed to be inexpensive and not
+>> allow users to do annoying things) or if it will continue to be in the
+>> future. Hard to predict really, all that can be said with certainty is
+>> all directives will contine to be inexpensive and safe enough that it's
+>> sensible to allow users to (ab)use them on open wikis.
+>> --[[Joey]]
When comments have been enabled generally, you still need to mark which pages
can have comments, by including the `\[[!comments]]` directive in them. By default,
>> Then control freaks like me could use "link(tags/comments)" and tag pages
>> as allowing comments.
>>
+>>> Yes, I think a pagespec is the way to go. --[[Joey]]
+>>
>> The model used for discussion pages does require patching the existing
>> page template, which I was trying to avoid - I'm not convinced that having
>> every possible feature hard-coded there really scales (and obviously it's
>> rather annoying while this plugin is on a branch). --[[smcv]]
+>>> Using the template would allow customising the html around the comments
+>>> which seems like a good thing?
+
The plugin adds a new [[ikiwiki/PageSpec]] match type, `postcomment`, for use
with `anonok_pagespec` from the [[plugins/anonok]] plugin or `locked_pages` from
the [[plugins/lockedit]] plugin. Typical usage would be something like:
* `commit=no`: by default, comments are committed to version control. Use this to
disable commits.
-* `allowhtml=yes`: by default, raw HTML is filtered out. Use this to allow HTML
- (you should enable [[plugins/htmlscrubber]] and either [[plugins/htmltidy]] or
- [[plugins/contrib/htmlbalance]] if you do this).
* `allowdirectives=yes`: by default, IkiWiki directives are filtered out. Use this
to allow directives (avoid enabling any [[plugins/type/slow]] directives if you
do this).
This plugin aims to close the [[todo]] item "[[todo/supporting_comments_via_disussion_pages]]",
and is currently available from [[smcv]]'s git repository on git.pseudorandom.co.uk (it's the
-`postcomment` branch).
+`postcomment` branch). A demo wiki with the plugin enabled is running at
+<http://www.pseudorandom.co.uk/2008/ikiwiki/demo/>.
Known issues: