Commit 65d9dce0 authored by Deimos

Adjust grammar in various pages

Tildes user "suspended" submitted these edits, which I'm merging in for
them.
parent e12e9f0c
......@@ -2,7 +2,7 @@ Title: Contact
Slug: contact
Summary: List of contact information for Tildes
**To request an invite to the Tildes alpha, email [[email protected]](mailto:[email protected]).** Do not email any other addresses to ask for an invite.
**To request an invite to the Tildes alpha, email [[email protected]](mailto:[email protected]).** Do not email any of the other addresses below to ask for an invite.
If you've discovered a security issue on Tildes, please disclose it responsibly by emailing [[email protected]](mailto:[email protected]). Tildes does not offer a bug bounty.
......@@ -16,4 +16,4 @@ For all other purposes, please email [[email protected]](mailto:[email protected]
---
Tildes has an official Twitter account at [@TildesNet](https://twitter.com/TildesNet). It will generally only tweet blog posts and site updates.
Tildes has an official Twitter account at [@TildesNet](https://twitter.com/TildesNet). It will, generally, only tweet blog posts and site updates.
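Review bot: The commas around "generally" in the new Twitter sentence ("It will, generally, only tweet") are not needed. The adverb modifies "only tweet" directly, so setting it off only makes the sentence halting. I'd keep the original "It will generally only tweet blog posts and site updates."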
......@@ -8,7 +8,7 @@ This page describes the requirements and steps to set up your own local developm
## Install prerequisites
You'll need to have the following things installed, the exact process for each will vary depending on your OS:
You'll need to have the following things installed and the exact process for each will vary depending on your OS:
* [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
* [Vagrant](https://www.vagrantup.com/docs/installation/)
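Review bot: The new prerequisites sentence joins two independent clauses with a bare "and" ("installed and the exact process for each will vary"), so the original comma splice becomes a run-on, and the colon that introduces the list now sits a full clause away from "the following things". Consider a parenthesis instead: "You'll need to have the following things installed (the exact process for each will vary depending on your OS):".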
......@@ -36,13 +36,13 @@ From a command prompt / terminal, get into the directory you cloned the reposito
After the run finishes, your VM should be configured and running. To verify, you can run `vagrant status`, which should say that the machine is running, or `vagrant ssh` to actually SSH into the VM (type `exit` to get back out).
Next, run `vagrant provision` which will check to make sure the state of the VM is correct. Assuming everything went as it should, this should finish very quickly and the Summary at the end of the output should report no changed or failed states.
Next, run `vagrant provision` which will check to make sure the state of the VM is correct. Assuming everything went as it should, this should finish very quickly and the summary at the end of the output should report no changed or failed states.
## Add a security exception for the dev site
The site only works over HTTPS, but your development version doesn't have a proper SSL certificate, so you need to add a security exception for it in your browser. In your browser, visit [https://localhost:4443](https://localhost:4443) - Vagrant will have set it up so that port 4443 is being forwarded into the VM, and you should see a big scary warning telling you that the connection is not secure/private.
The process will be slightly different depending on browser, but there should be a button like "Advanced" to click where you can choose to add an exception and proceed to the site anyway. After that, you should see a page from the site being served from your development VM.
The process will be slightly different depending on your browser, but there should be a button like "Advanced" to click where you can choose to add an exception and proceed to the site anyway. After that, you should see a page from the site being served from your development VM.
## Log in / test
......@@ -52,7 +52,7 @@ At this point, your development version is running, and an initial user and grou
If you'd like to add a different user or group, first run `vagrant ssh` to SSH into the VM. At this point, your prompt should look like: `(tildes) [email protected]:/opt/tildes$`.
Now open an interactive Python shell inside the application environment by running `pshell development.ini`. This should put you into an IPython shell with a prompt of `In [1]:`. You now need to run the following commands (feel free to replace the username/password and group name with something different):
Now, open an interactive Python shell inside the application environment by running `pshell development.ini`. This should put you into an IPython shell with a prompt of `In [1]:`. You now need to run the following commands (feel free to replace the username/password and group name with something different):
```python
from tildes.models.group import Group
......
......@@ -4,16 +4,16 @@ Modified: February 17, 2019
[TOC]
*Note: This page is fairly scattered overall and should be split up into multiple pages in the future. The goal is mostly to have a lot of information that developers might find useful so that they at least have a starting point to find out more about how something works.*
*Note: This page is fairly scattered overall and should be split up into multiple pages in the future. The goal is mostly to have a lot of information that developers might find useful so that they, at least, have a starting point to find out more about how something works.*
**If you haven't already, follow the instructions on [the Development Setup page](/development-setup) to get a development version running on your local machine.**
## Vagrant
In general you shouldn't need to do very much with Vagrant directly, but there are a few commands you should know:
In general, you shouldn't need to do very much with Vagrant directly, but there are a few commands you should know:
* `vagrant up` - Run this to boot the VM (or create a new one), it will probably take a few minutes to finish.
* `vagrant ssh` - Open an SSH session into the VM. You will probably want to have one of these open almost all the time while developing to be able to run checks, look at the database, etc.
* `vagrant up` - Run this to boot the VM (or create a new one). It will probably take a few minutes to finish.
* `vagrant ssh` - Open an SSH session into the VM. You will, probably, want to have one of these open almost all the time while developing to be able to run checks, look at the database, etc.
* `vagrant provision` - If you make any changes to the Salt states, run this to re-apply everything to the VM and make sure its state matches the expected one
* `vagrant halt` - Shut down the VM.
* `vagrant destroy` - This will completely destroy the VM, and next time you run `vagrant up` it will re-build it from scratch. If your dev environment ever ends up broken, it's usually simplest to just destroy/recreate like this.
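Review bot: Two of the commas added in this hunk interrupt the sentence rather than fix it: "so that they, at least, have a starting point" in the italic note, and "You will, probably, want" in the `vagrant ssh` bullet. Both adverbs are restrictive, so the original unpunctuated forms should stay. The "In general, you" comma and the split of the `vagrant up` bullet into two sentences are fine. While these bullets are being touched, the `vagrant provision` bullet is the only one without a closing period.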
......@@ -105,7 +105,7 @@ HTML templates are written in [the Jinja2 templating language](http://jinja.poco
CSS is written with [Sass (SCSS syntax)](http://sass-lang.com/documentation/file.SASS_REFERENCE.html), and uses [Spectre.css](https://picturepan2.github.io/spectre/) as a base. Changes to the SCSS files (in the `tildes/scss/` directory) will automatically be detected and compiled for you by a service running inside the Vagrant VM. If your changes are failing to compile due to an error, you can run `sudo journalctl -u boussole.service -f` to view that service's logs and see the error.
The SCSS is organized in a manner similar to the [SMACSS](https://smacss.com/book/) style. One specific thing to note is that the `_themes.scss` file contains style definitions that differ between the different site themes. All theme-specific CSS should be kept exclusively in that file.
The SCSS is organized in a manner similar to the [SMACSS](https://smacss.com/book/) style. One specific thing to note is that the `_themes.scss` file contains style definitions that differ between the site themes. All theme-specific CSS should be kept exclusively in that file.
## Javascript, AJAX and the "web API"
......@@ -117,7 +117,7 @@ Intercooler includes [jQuery 3](http://api.jquery.com/) as a dependency, so jQue
All other Javascript behavior should be implemented using the [RSJS guidelines](http://ricostacruz.com/rsjs/), which generally means that the code for each behavior is defined inside a file in `static/js/behaviors/` and must be attached to a "component" on the site by using an HTML data attribute with the `data-js-` prefix.
All the files in `behaviors` are automatically merged into the site's javascript file. However, if you add a new behavior file, it won't be picked up until you run `sudo systemctl restart webassets.service`.
All the files in `behaviors` are automatically merged into the site's javascript file. However, if you add a new behavior file, then it won't be picked up until you run `sudo systemctl restart webassets.service`.
## Database
......@@ -147,7 +147,7 @@ The general process for creating an Alembic migration is:
*Note:* the Alembic version file should never import any constants, read text in from files, etc. It should have all that sort of information hardcoded so that the effects of the migration aren't modified if those external resources change in the future.
5. Run `alembic upgrade head` to apply your upgrade and make sure there are no errors. If the upgrade applies successfully, you should also connect to the database with `psql -U tildes tildes` and verify that all your changes were applied correctly.
6. If the upgrade looks correct, run `alembic downgrade -1` to apply your downgrade and make sure there are no errors. As above, you should connect to the database to verify that all your changes were removed and the database is back to the state it was previously.
6. If the upgrade looks correct, run `alembic downgrade -1` to apply your downgrade and make sure there are no errors. As above, you should connect to the database to verify that all your changes were removed and the database is back to the state it was previously in.
7. If you run into any errors or missing changes during upgrade/downgrade, you may need to edit your script more and test more downgrades/upgrades until everything is correct. Once you're finished fixing any issues, run one final `alembic upgrade head` to make sure everything has been applied.
8. Make sure to include your Alembic file inside the commit that requires these database changes.
......@@ -172,7 +172,7 @@ Once you start making changes to the code that you want to contribute to the pro
* `black --check .` - Runs [the Black code-formatter](https://black.readthedocs.io/) checks (issues don't need to be fixed manually, just run `black .` to reformat your code).
* `prospector` - Runs the code style checks.
If you use the included [Git hooks](/development-setup#set-up-git-hooks-optional-but-strongly-recommended), the tests, mypy, and Black will automatically be run whenever you commit (and prevent you from committing if they fail), and all checks will be run before you can push your code to a remote repo.
If you use the included [Git hooks](/development-setup#set-up-git-hooks-optional-but-strongly-recommended), then the tests, mypy, and Black will automatically be run whenever you commit (and prevent you from committing if they fail), and all checks will be run before you can push your code to a remote repo.
## Testing
......@@ -190,7 +190,7 @@ Functional testing can be done via the [webtest library](http://webtest.readthed
All function definitions must include type annotations that define the types of each argument and the return value. These annotations have no effect at runtime, but [mypy](http://mypy-lang.org/) is able to statically analyze the code using them to detect potential errors when functions are inadvertently called with arguments of the wrong type.
The type annotations are generally very straightforward and you can probably easily understand how to write them by just looking at existing functions, but the following pages in the mypy docs might be useful if you run into issues or need more information:
The type annotations are, generally, very straightforward and you can probably easily understand how to write them by just looking at existing functions, but the following pages in the mypy docs might be useful if you run into issues or need more information:
* [mypy syntax cheat sheet (Python 3)](http://mypy.readthedocs.io/en/latest/cheat_sheet_py3.html)
* [Built-in types](http://mypy.readthedocs.io/en/latest/builtin_types.html)
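Review bot: In the type-annotation paragraph, "The type annotations are, generally, very straightforward" gains commas that turn "generally" into an aside, where it is plainly qualifying "very straightforward". Keep the original wording; if the sentence feels long, it could be split before "but the following pages" instead.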
......
......@@ -17,9 +17,9 @@ First, tilde is one of the only "unreserved" characters that can be used in web
> Characters that are allowed in a URI but do not have a reserved purpose are called unreserved. These include uppercase and lowercase letters, decimal digits, hyphen, period, underscore, and tilde.
That means that a tilde can always be used in a web address without needing to be escaped. This isn't true for many other symbols—for example, some sites try to put an `@` character in their addresses (usually related to usernames), but since that's not an unreserved character, it will often get converted to `%40`, which looks much uglier. A tilde should always be kept as a tilde.
That means that a tilde can always be used in a web address without needing to be escaped or converted. This isn't true for many other symbols—for example, some sites try to put an `@` character in their addresses (usually related to usernames), but since that's not an unreserved character, it will often get converted to `%40`, which looks much uglier. A tilde should always be kept as a tilde.
In addition, the `~` symbol also has an association of "home" to many technical people. If you're using [the Bash shell](https://en.wikipedia.org/wiki/Bash_\(Unix_shell\)) (or various others), a tilde can often be used to refer to the user's home location. For example, the command `cd ~` changes directory to your home dir. A command like `cd ~deimos` will go to the home dir of the user `deimos`, and so on. I like the idea of each community being thought of as "the home for <topic>".
In addition, the `~` symbol also has an association of "home" to many technical people. If you're using [the Bash shell](https://en.wikipedia.org/wiki/Bash_\(Unix_shell\)) (or various others), a tilde can often be used to refer to the user's home location. For example, the command `cd ~` changes the directory to your home directory. A command like `cd ~deimos` will go to the home directory of the user `deimos`, and so on. I like the idea of each community being thought of as "the home for <topic>".
It's also a bit of a throwback to common addresses on the early web, where users would host their website on a shared system under their username. For example, when I was in university, the address of my website hosted on the Computer Science department's server was something like http://pages.cpsc.ucalgary.ca/~cbirch. [Paul Ford caused a fun resurgence of this a few years ago when he started Tilde.Club](https://medium.com/message/tilde-club-i-had-a-couple-drinks-and-woke-up-with-1-000-nerds-a8904f0a2ebf).
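Review bot: In the `cd ~` example, "changes the directory to your home directory" reads as though a directory were being modified. `cd` changes the shell's current directory, and the original "changes directory" is the usual phrasing for that. Suggest "the command `cd ~` changes directory to your home directory", keeping the dir to directory expansion, which is an improvement.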
......@@ -37,11 +37,11 @@ However, since [Tildes is open-source](https://blog.tildes.net/open-source), som
## Does Tildes allow non-English communities?
Not for now. Multiple of the site's goals will be difficult or impossible to work towards without being able to understand what's going on in a community, so for now they need to be primarily in English. This may change someday in the future, and if it does, the [hierarchical groups](https://docs.tildes.net/mechanics) could work very well for giving other languages their own set of groups.
Not for now. Many of the site's goals will be difficult or impossible to work towards without being able to understand what's going on in a community, so for now they need to be primarily in English. This may change someday in the future, and if it does, the [hierarchical groups](https://docs.tildes.net/mechanics) could work very well for giving other languages their own set of groups.
## What's the color scheme used on Tildes?
Tildes uses [the Solarized color scheme by Ethan Schoonover](http://ethanschoonover.com/solarized). It's always been one of my personal favorite schemes, and it has some interesting aspects such as flipping very easily between dark and light modes.
Tildes uses [the Solarized color scheme by Ethan Schoonover](https://ethanschoonover.com/solarized). It's always been one of my personal favorite schemes, and it has some interesting aspects such as flipping very easily between dark and light modes.
## What if you don't get enough donations to run the site full-time?
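Review bot: The Solarized link changes from `http://ethanschoonover.com/solarized` to the `https://` form, which is a link change rather than a grammar adjustment, so the commit message should mention it or it should be a separate commit. Please confirm the https URL loads before merging. Other links visible in this same patch are still plain http (`http://mypy-lang.org/`, `http://nxhx.org/maximizing/`), so if the intent is to move the docs to https links they could be handled together. Separately, "Multiple of" to "Many of" shifts the claim from "more than one" to "a large number"; "Several of" would fix the grammar without changing what is stated.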
......
......@@ -15,7 +15,7 @@ It's not being used yet in the alpha, but groups will eventually be organized *h
Groups are not "owned" by users, and (at least for now) can not be created by users. This may change in the future, but the lack of user-created groups initially will make it simpler to keep the hierarchy organized, as well as concentrate activity in fewer groups while the site is still small.
A small set of active groups is far better than a large set of inactive ones, and the hierarchy will allow different subjects to easily split into more-specific groups as activity increases.
A small set of active groups is far better than a large set of inactive ones, and the hierarchy will allow different subjects to easily split into more specific groups as activity increases.
## Topics
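Review bot: Dropping the hyphen in "more-specific groups" makes the phrase ambiguous: "split into more specific groups" can now be read as "a larger number of specific groups" rather than "groups that are more specific". The hyphenated compound modifier was doing real work here, so I'd keep "more-specific groups".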
......@@ -49,7 +49,7 @@ Comments can also be labeled, which is separate from voting (you can vote on a c
* Noise - Comments that don't add anything to the discussion. This includes obvious non-contributing comments like "lol", "I agree", and responses to the headline like "finally!", but can also cover anything where the comment's presence doesn't add anything meaningful.
* Malice - Comments posted in bad faith. Comments should be labeled as Malice if they're trolling, personal attacks, or other types of behavior that have no place in high-quality discussions. Using this label requires entering a reason, and serves as a method of reporting the comment.
Comment labels serve multiple purposes overall. Tildes has no downvoting, but some labels can effectively act as "downvote with a reason". Labels will also make it possible to support various methods of filtering comment threads, such as both "show this thread without jokes" and "show *only* jokes from this thread".
Comment labels serve multiple purposes overall. Tildes has no downvoting, but some labels can effectively act as a "downvote with a reason". Labels will also make it possible to support various methods of filtering comment threads, such as both "show this thread without jokes" and "show *only* jokes from this thread".
Overall, voting on a comment should mean something like "this is a good comment and I think other people should read it", while labeling a comment adds more information. With the combination of both, you can express things like "this is a good comment, even though it's off-topic", and "this is a joke, but it's a good one".
......@@ -57,6 +57,6 @@ Overall, voting on a comment should mean something like "this is a good comment
As mentioned above, Tildes does not have negative votes for either topics or comments. The reason for this is that I believe we can implement different mechanics that replace the "proper" use of downvotes without also enabling all the misuses of them.
The ideal usage of a downvote is a generic way to express "this doesn't contribute", but in practice they tend to be used more as "I disagree" or "I don't like this". High-quality posts will often get downvoted because other users disagree with the opinion, and in taste-based communities (such as ones related to music), entire categories of valid posts might be unviable because they'll just be downvoted by users with different taste.
The ideal usage of a downvote is a generic way to express "this doesn't contribute", but in practice they tend to be used more as "I disagree" or "I don't like this". High-quality posts will often get downvoted because other users disagree with the opinion, and in taste-based communities (such as ones related to music), entire categories of valid posts might not be viable because they'll just be downvoted by users with different tastes.
On Tildes, I want to find ways to accomplish those valuable uses through other mechanics. For example, the [comment labels](#comment-labels) described above can be used to communicate *why* you don't think a comment contributes. [Topic tags](#topic-tags) will allow users to simply filter out certain types of posts that they're not interested in, instead of downvoting them and hurting them for other users that *do* want to see them.
......@@ -25,13 +25,13 @@ Part of this is avoiding "PR-speak", where companies utilize deliberately abstru
## Trust people, but punish abusers
The large majority of users on a site generally behave in good faith, and are only interested in legitimately participating and contributing. However, there is always a group of users actively trying to undermine others, and even though they are usually a tiny minority, sites often have to build in such a way to prevent these bad-faith users from being able to do much damage.
The large majority of users on a site, generally, behave in good faith and are only interested in legitimately participating and contributing. However, there is always a group of users actively trying to undermine others, and even though they are usually a tiny minority, sites often have to build in such a way to prevent these bad-faith users from being able to do much damage.
This tends to mean that many potentially powerful tools cannot be added to the site, since malicious use of them would be too dangerous. Instead of restricting capabilities by needing to design around the worst way any tool could be used, Tildes will default to trusting users to behave in good faith, and punish people that take advantage of that trust. Punishments may involve losing access to certain tools or capabilities, or being banned from communities or the site as a whole.
This tends to mean that many, potentially, powerful tools cannot be added to the site, since malicious use of them would be too dangerous. Instead of restricting capabilities by needing to design around the worst way any tool could be used, Tildes will default to trusting users to behave in good faith, and punish people that take advantage of that trust. Punishments may involve losing access to certain tools or capabilities, being banned from communities or the site as a whole.
## Recognize that users are people, not just metrics
In his talk, ["Is Anything Worth Maximizing?"](http://nxhx.org/maximizing/), Joe Edelman discusses the difference between making decisions based on metrics compared to basing them on the users' reasons for visiting the site. Too often, sites focus on increasing their raw numbers (pageviews, time on site, etc.) instead of thinking about *why* the users are there and trying to improve that experience. This is generally because the site's own goals don't align with the users'—for example, relying on advertising for revenue means that the site wants to show users as many ads as possible, while users would prefer to see none at all.
In his talk, ["Is Anything Worth Maximizing?"](http://nxhx.org/maximizing/), Joe Edelman discusses the difference between making decisions based on metrics compared to basing them on the users' reasons for visiting the site. Too often, sites focus on increasing their raw numbers (pageviews, time on site, etc.) instead of thinking about *why* the users are there and trying to improve that experience. This is, generally, because the site's own goals don't align with the users'—for example, relying on advertising for revenue means that the site wants to show users as many ads as possible, while users would prefer to see none at all.
Because Tildes has been organized specifically to cater to its users' interests, this type of conflict isn't present, and we can focus solely on improving the user experience instead of obsessing over metrics that don't necessarily reflect how well the site serves its users.
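Review bot: The last sentence of the "Trust people" section loses its conjunction: "losing access to certain tools or capabilities, being banned from communities or the site as a whole" is now a two-item list with no "or" between the items, so the original "capabilities, or being banned" should be restored. In the same paragraph, "many, potentially, powerful tools" detaches "potentially" from "powerful", which it modifies; it should stay "many potentially powerful tools". The commas around "generally" in "on a site, generally, behave" and "This is, generally, because" are also unnecessary, though removing the comma before "and are only interested" is correct.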
......@@ -45,7 +45,7 @@ Another recent trend has to been to rely heavily on machine-learning and "person
These algorithms have largely replaced predictable and chronological feeds, instead [trying to addict users by turning the experience into a slot machine](https://medium.com/thrive-global/how-technology-hijacks-peoples-minds-from-a-magician-and-google-s-design-ethicist-56d62ef5edf3#.sydedohu0) where we're never sure if we're "done" or what content we're going to be given.
On Tildes, I want to stick to predictable ways to view content, along with using additional information (such as metadata and [tags](https://docs.tildes.net/mechanics#topic-tags)) to give users flexible methods of deciding for themselves what they want to see (and not see). Once again, since Tildes doesn't need to prioritize growth or showing ads, it can stay away from manipulative mechanics and focus on just helping users find what they want as easily as possible.
On Tildes, I want to stick to predictable ways to view content, along with using additional information (such as metadata and [tags](https://docs.tildes.net/mechanics#topic-tags)) to give users flexible methods of deciding for themselves what they want to see (and not see). Once again, since Tildes doesn't need to prioritize growth or show ads, it can stay away from manipulative mechanics and focus on just helping users find what they want as easily as possible.
## In-depth content (primarily text-based) is the most important
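Review bot: Changing "prioritize growth or showing ads" to "prioritize growth or show ads" alters what the sentence says. The original has "growth" and "showing ads" as the two things Tildes doesn't need to prioritize; the new version says Tildes doesn't need to prioritize growth and doesn't need to show ads at all. The original was already grammatical, so unless the change in meaning is intended it should be reverted.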
......
......@@ -15,7 +15,7 @@ Similar to the "privacy by default" principle that comes from [Privacy by Design
Tildes is [licensed under AGPLv3](https://gitlab.com/tildes/tildes/blob/master/LICENSE). My reasoning for this is that it seems to be the only established license that will ensure the code (and anything built on top of it) will always remain open-source.
This isn't because I believe that Tildes's code is valuable or to prevent it from being "stolen". It's intended as a *commitment*, similar in many ways to organizing as a non-profit. It means that anyone that contributes code to Tildes can do so knowing that it can *never* be closed off, for profit or any other reason.
This isn't because I believe that Tildes's code is valuable or to prevent it from being "stolen". It's intended as a *commitment*, similar in many ways to organizing as a non-profit. It means that anyone that contributes code to Tildes can do so knowing that it can *never* be closed off, for profit, or any other reason.
I recognize that there are many companies that consider AGPL-licensed code too risky to use, but I don't think that's much of a concern for a project like Tildes. I think that would be an important consideration when choosing a license for something like a library, but it's not very relevant for a service that will probably not be widely re-used.
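Review bot: The added comma in "closed off, for profit, or any other reason" turns the ending into a three-item series that doesn't parse ("closed off ... or any other reason"). "for profit or any other reason" is a single phrase giving possible reasons, so the original punctuation is right; "for profit or for any other reason" would make that explicit if clarity is the goal.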
......@@ -23,7 +23,7 @@ I recognize that there are many companies that consider AGPL-licensed code too r
There should need to be an extremely compelling reason to use a new or less-known technology to implement something if it could also be done with one of the reliable ones already being used.
This will also make it easier for people to understand and contribute to the open-source code when there are fewer pieces involved and the ones being used are generally well-known and well-documented.
This will, also, make it easier for people to understand and contribute to the open-source code when there are fewer pieces involved and the ones being used are generally well-known and well-documented.
Here's some of the main technology being used on Tildes:
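Review bot: "This will, also, make it easier" sets "also" off with commas for no grammatical reason and slows the sentence down. Keep "This will also make it easier".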
......@@ -46,7 +46,7 @@ More info:
### Code quality is a priority
Especially as an open-source project that wants contributions, it's important to ensure that Tildes's code is generally high-quality and easy to understand and modify. Similar to deliberately choosing simple technology, code should also be written simply whenever possible.
Especially as an open-source project that wants contributions, it's important to ensure that Tildes's code is generally high-quality, easy to understand and modify. Similar to deliberately choosing simple technology, code should also be written simply whenever possible.
The quality of Tildes's code is kept up through code review and enforcing strict code style (by using [Black](https://black.readthedocs.io/)) and commenting standards, as well as additional tools like [mypy](http://mypy-lang.org/) to require that all functions use Python's new type-annotation system.
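Review bot: Removing "and" from the code-quality sentence leaves "generally high-quality, easy to understand and modify", a series with no conjunction before its final item. Either keep the original "high-quality and easy to understand and modify" or restructure it as "high-quality, easy to understand, and easy to modify".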
......@@ -74,19 +74,19 @@ The idea is that the essential part of a site should also be the most reliable&m
However, modern web development has basically flipped this pyramid upside-down. It's become standard for client-side javascript to deliver—and even generate—the HTML and CSS. Many basic, text-based sites (like blogs) no longer display anything without javascript.
I believe that relying on JS to this level is fundamentally the wrong approach to the web, so Tildes is built in the "traditional" manner. Javascript is used as minimally as possible, and ideally only when it's the only option for accomplishing something. And because of that...
I believe that relying on javascript to this level is fundamentally the wrong approach to the web, so Tildes is built in the "traditional" manner. Javascript is used as minimally as possible, and ideally only when it's the only option for accomplishing something. And because of that...
### Completely functional for browsing without javascript
Tildes will always be functional to *browse* without javascript enabled. Someone with JS disabled should be able to look through all the listings on the site, read all types of posts, and so on.
Tildes will always be functional to *browse* without javascript enabled. Someone with javascript disabled should be able to look through all the listings on the site, read all types of posts, and so on.
It won't be a priority to make *interaction* work without JS. Some features may end up naturally working due to how they're implemented, but I'm not going to worry about making things like voting functional when JS is disabled.
It won't be a priority to make *interaction* work without javascript. Some features may end up naturally working due to how they're implemented, but I'm not going to worry about making things, like voting, functional when javascript is disabled.
## Privacy
### Privacy by Design
While building Tildes, I have tried to ensure that I'm following ["Privacy by Design" (PDF)](https://www.ipc.on.ca/wp-content/uploads/2013/09/pbd-primer.pdf), a framework that encourages following certain principles to maximize user privacy. Below are these principles and how I'm trying to apply them to Tildes:
While building Tildes, I have tried to ensure that I'm following ["Privacy by Design" (PDF)](https://www.ipc.on.ca/wp-content/uploads/2013/09/pbd-primer.pdf), a framework that encourages following certain principles to maximize users' privacy. Below are these principles and how I'm trying to apply them to Tildes:
1. **Proactive not reactive; preventative not remedial**: When creating new features, think about what data will need to be stored, and consider how harmful it might be if that data was to be leaked in the future. Is it possible to reduce the amount of data being stored to lower the potential harm? Can the data eventually be aggregated or anonymized so that we're only storing recent data instead of a full history?
2. **Privacy as the default setting**: If a feature has a significant privacy impact, it should always be opt-in. A brand new account shouldn't need to comb through their settings to improve their privacy—ideally a new account already has the best privacy possible.
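Review bot: In the no-javascript section, "making things, like voting, functional" makes "like voting" a removable aside, so the sentence now says the author won't worry about making things functional in general. The original "making things like voting functional" limits it to interactive features such as voting, which matches the preceding sentence about interaction. Expanding "JS" to "javascript" throughout the hunk is consistent with the surrounding text and fine.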
......@@ -112,7 +112,7 @@ Tildes has been built to be used 100% over HTTPS. [It has an A+ from the SSL Lab
Tildes utilizes an extremely restrictive [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) to eliminate the possibility of [cross-site scripting](https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting) (XSS) and various other web exploits.
XSS attacks generally happen if a malicious user discovers a way to get a <script> tag onto the site (usually by finding a loophole in how user-submitted text is processed). With the restrictive CSP used on Tildes, even if someone does discover a hole and manages to inject a script, the CSP will prevent it from having any effect.
XSS attacks, generally, happen if a malicious user discovers a way to get a <script> tag onto the site (usually by finding a loophole in how user-submitted text is processed). With the restrictive CSP used on Tildes, even if someone does discover a hole and manages to inject a script, the CSP will prevent it from having any effect.
The CSP on Tildes is quite close to the most restrictive one possible (while still allowing the site to use self-hosted scripts, images, etc.), and gets a perfect score on [Mozilla's Observatory test](https://observatory.mozilla.org/analyze/tildes.net).
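Review bot: the commas added around "generally" in "XSS attacks, generally, happen" interrupt the subject and verb without changing the meaning, so I would keep the original "XSS attacks generally happen". Since this sentence is being touched anyway, note that it still ends with "the CSP will prevent it from having any effect", which is stronger than a CSP can promise: the policy restricts what the browser will load and execute, it does not fix the injection itself. Wording such as "the CSP should prevent the injected script from running" would be more accurate.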
......
......@@ -25,7 +25,7 @@ Groups will be linked automatically by just typing their name, including the `~`
If you'd like to link to another user's profile page, you can use the `@` prefix. For example, typing `@flaque` will convert it to [@flaque](https://tildes.net/user/flaque).
Note that linking to another user this way in a comment will also send that user a notification informing them that their username was mentioned.
Note that linking to another user this way, in a comment, will also send that user a notification informing them that their username was mentioned.
## Traditional Formatting
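Review bot: the commas added around "in a comment" change what the sentence says. In the old line "in a comment" is the condition under which the notification is sent; set off as "this way, in a comment, will also send", it becomes an optional aside, so the sentence now reads as if any such link sends a notification. Suggest reverting to the old wording.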
......@@ -168,7 +168,7 @@ If you're creating a large/complex table, it may be simplest to use one of the m
### Horizontal rules
You can add a horizontal rule line with `---`. If you want to split up some sections, you can do:
You can add a horizontal rule line with `---`. If you want to split up some sections, then you can do:
```
Chapter 1 - Once upon a time
......@@ -198,7 +198,7 @@ Which renders as: [Go to Tildes!](https://tildes.net)
## HTML-exclusive formatting
There are several formatting features that can currently only be created by writing HTML (no markdown syntax is available):
There are several formatting features that can, currently, only be created by writing HTML (no markdown syntax is available):
### "Inserted" text
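Review bot: "can, currently, only be created" splits the verb phrase with two commas that the sentence does not need. If the aim is to tidy the adverbs, "can currently be created only by writing HTML" places "only" next to what it limits and needs no commas.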
......
......@@ -14,7 +14,7 @@ Similar to groups, tags also support a hierarchy by separating "sections" with p
Since tags are used for searching and filtering, try to think about how other users would want to find or filter out the topic you're tagging. For example, when tagging a post about a video game, it can be useful to include tags for the platform the game is on, as well as the game's genre.
Tags should generally be plural (when that makes sense). This is easiest to think of as a parallel to sub-groups—if there was a group for discussing watches it would probably be called ~hobbies.watches and not ~hobby.watch, so the correct tag for a post about a watch would be `watches`, not `watch`.
Tags should, generally, be plural (when that makes sense). This is easiest to think of as a parallel to sub-groups—if there was a group for discussing watches it would probably be called ~hobbies.watches and not ~hobby.watch, so the correct tag for a post about a watch would be `watches`, not `watch`.
Don't add a tag that's the same or very similar to the group that you're posting in. There's no need to add a `music` tag to posts in ~music, or `technology` tag to posts in ~tech.
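Review bot: "Tags should, generally, be plural" adds commas around an adverb that is already hedged by the parenthetical "(when that makes sense)" right after it, so the sentence now pauses three times before reaching its point. Keep "Tags should generally be plural".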
......@@ -22,7 +22,7 @@ Don't add a tag that's the same or very similar to the group that you're posting
### `ask` tags
The `ask` tag should be used when the topic's purpose is to request information from other Tildes users (as opposed to the topic itself being informational). You should also usually add a sub-tag (separated by a `.`) to specify what sort of request it is. The most common ones are:
The `ask` tag should be used when the topic's purpose is to request information from other Tildes users (as opposed to the topic itself being informational). You should also, usually, add a sub-tag (separated by a `.`) to specify what sort of request it is. The most common ones are:
* `ask.help` - Requests for help with something, where there's probably a correct answer or resolution. This could include tech support, "how do I do X?", and so on.
* `ask.recommendations` - Requests for recommendations or suggestions (of music, books, games, etc.), where there's not a true "answer".
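Review bot: in "You should also, usually, add a sub-tag", the commas separate "also" from "usually" and make the guidance harder to scan in a sentence that already carries a parenthetical about the `.` separator. The original "You should also usually add a sub-tag" is fine; "You should usually also add a sub-tag" would be the alternative if the adverb order is the concern.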
......@@ -30,10 +30,10 @@ The `ask` tag should be used when the topic's purpose is to request information
### Warning tags
Some tags are coloured differently and shown at the front of a post's tag list. These are:
Some tags are colored differently and shown at the front of a post's tag list. These are:
* `nsfw` - Posts considered "not safe for work". This includes, and is not limited to, explicit content that can be considered offensive or inappropriate for viewing in public (for example, violence, gore, and sexually suggestive content). This tag is coloured red.
* `spoiler` - Posts that reveal details about a story that could potentially ruin the surprise of learning those details on your own. This tag is coloured yellow, and hides the post text in the topic listing.
* `nsfw` - Posts considered "not safe for work". This includes, and is not limited to, explicit content that can be considered offensive or inappropriate for viewing in public (for example, violence, gore, and sexually suggestive content). This tag is colored red.
* `spoiler` - Posts that reveal details about a story that could potentially ruin the surprise of learning those details on your own. This tag is colored yellow, and hides the post text in the topic listing.
### Country/location tags
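Review bot: "coloured" to "colored" in the three changed lines is a switch of spelling variant rather than a grammar fix, which is what the commit message describes. Confirm which variant the docs standardize on before merging, and apply the same choice to any remaining "-our" spellings so the pages stay consistent.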
......