Comments on: Dr. Woohoo, Generating Artwork, and some Python code to massage user submitted content (specifically, images).

By: Johnny

Johnny — Sat, 23 Aug 2008 08:12:25 +0000

We use a similar system at work as our clients use our own custom bi-lingual CMS to update content on their sites, so the chances are that they will put an image that is way too big and thus breaking the layout. We use .net to re-size the images so that they fit to the exact sizes specified by us.

The django method looks nice, but as we do a lot of public sector work we use .net on our back end. Thankfully as I just design and integrate CSS, I don’t touch that crazy code :)

By: Aral

Aral — Fri, 22 Aug 2008 19:43:24 +0000

Hi rajbot,

It’s not unescaped input. It accepts Markdown — I didn’t think that people would put images in there but they could :)

And Django escapes everything by default as of 0.97 unless you specifically mark it as |safe.

By: rajbot

rajbot — Thu, 21 Aug 2008 14:40:14 +0000

Not over-engineering: good, even great.
Allowing unescaped user input: bad

Thinking about and anticipating user input is not over-engineering — it’s good practice. Essentially, if you were not expecting images in a description, he shouldn’t have been able to post one. This means that you’ve left yourself open to XSS attacks. Sure, your speakers *probably* aren’t going to misuse your website, but the number one rule of thumb is never ever trust user input. Ever. A nice side-effect of this is that your layout rarely gets broken (you still have to look out for non-breaking-lines-such-as-this-one-if-you-know-what-i-mean-right?)

In this case, the more ‘complicated’ way is actually the right way. If you’re serving images, ideally you are serving them from YOUR servers, or from trusted servers. Again, the nice side effect is you can manipulate them using a server-side image API, and deliver a faster and better looking thumb.

I realize it’s not worth it for this obvious edge case, but something to think about.