X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/82197bd0eaa216b841caace38c976acc7f6ad3fa..eb87dd177ae5ad2838c9bb9acb5e1e40d9cc5f28:/doc/todo/comments.mdwn?ds=inline diff --git a/doc/todo/comments.mdwn b/doc/todo/comments.mdwn index c74ded8f6..7a113bee3 100644 --- a/doc/todo/comments.mdwn +++ b/doc/todo/comments.mdwn @@ -10,18 +10,21 @@ > it's hard enough to get some people to title their blog posts :-) > --[[smcv]] -## Patches pending merge - -* There is some common code cargo-culted from other plugins (notably inline and editpage) which - should probably be shared - - > Actually, there's less of this now than there used to be - a lot of simple - > things that were shared have become unshareable as they became more - > complex. --[[smcv]] +## Won't fix - > There's still goto. You have a branch for that. --[[Joey]] +* Because IkiWiki generates static HTML, we can't have a form inlined in + page.tmpl where the user fills in an entire comment and can submit it in + a single button-press, without being vulnerable to cross-site request forgery. + So I'll put this in as wontfix. --[[smcv]] -## Won't fix + > Surely there's a way around that? + > A web 2.0 way comes to mind: The user clicks on a link + > to open the comment post form. While the nasty web 2.0 javascript :) + > is manipulating the page to add the form to it, it looks at the cookie + > and uses that to insert a sid field. + > + > Or, it could have a mandatory preview page and do the CSRF check then. + > --[[Joey]] * It would be useful to have a pagespec that always matches all comments on pages matching a glob. Something like `comment(blog/*)`. @@ -47,6 +50,17 @@ ## Done +* There is some common code cargo-culted from other plugins (notably inline and editpage) which + should probably be shared + + > Actually, there's less of this now than there used to be - a lot of simple + > things that were shared have become unshareable as they became more + > complex. --[[smcv]] + + > There's still goto. You have a branch for that. --[[Joey]] + + >> Now merged --[[smcv]] + * The default template should have a (?) icon next to unauthenticated users (with the IP address as title) and an OpenID icon next to OpenIDs @@ -91,6 +105,7 @@ > and c42f174e fix another `beautify_urlpath` bug and add a regression test > --[[smcv]] + * Now that inline has some comments-specific functionality anyway, it would be good to output `` in Atom and the equivalent in RSS.