Yellow ants

Now we're at it ... It looks a bit stupid that on my account page, the right-hand column with inventory and links is now wider than the profile icon. Looky here (Firefox 1.5.0.6):

Doesn't show up in the cache description in Firefox 1.5.0.6 (WinXP). Link is good though - film looks good, but unfortunately I have no sound right now so I'll have to watch it later

Danish cachers are using the forums at geocaching.dk, so that's no issue here.

boo hoo. Glad to know you care so much about your paying customers that you'll ridicule them in public. By the way Jeremy, you've still haven't fixed the security hole on the TB pages I told you about weeks ago. Here's a simple test case: As long as you can read the text on this TB, iframes are still allowed.

Google Maps, on the other hand, virtually eliminate the need for a GPS for urban caching

I do it all. Google Maps, topo maps, read spoilers, look at pictures in advance. I don't go geocaching because I want to DNF

Tabs on profile pages, the numbers links on the bookmark listing pages.

Okay, so then we know the boo-boo is squarely on your shoulders. Functionality of the gc.com site is awful. Want to open a link in a new tab? Sorry, no can do, it's all Javascript links

Unlike your own caches, who you can find again and again and get a 'find' for it

You da man, briansnat.

Night or early morning caching in the city

Not a bad idea, but the owner would have to rate it, not other cachers. What would that solve?

Just forgot the closing tag. Should we disable quoting on the forums now? Besides, I normally put a little more care into my html than my forum posts ...

Jeremy has said the option to use JS and iframes was removed due to security concerns, not because people couldn't figure how to use it properly. So while I agree with you in principle, your point isn't relevant to the reasons Groundspeak gave for why they removed them.

That's fair enough. It still doesn't mean it wouldn't have been a good idea to announce the change to avoid shortchanging the people who were using the feature. Just because you can do something under the ToU doesn't make it smart customer relations-wise. Oh, and Jeremy - the TB pages are still horribly insecure from the continued use of iframes.

This is a big deal now for those of us who weren't around in Jan 05 to read what Jeremy said, and who have happily been utilizing the security-hole-we-didn't-know-was-a-security-hole. What makes it a bigger deal is that it was changed back without any announcement, breaking pages overnight. Also, the lack of any sort of list of "acceptable HTML" on the Edit Profile page makes it reasonable for us to have believed we were totally in the clear. Basically, it's a big deal because Groundspeak didn't clearly advertise their intentions and actions.

That doesn't matter, because HTMLTidy comes along and "improves" your code, among other things adding lots of whitespace.

So you agree with me that use of externally hosted images on cache sites should be blocked?

But I can still include images from different servers on my pages. These images might be autogenerated by a server-side script that gathers information about the visitor or even be maliciously crafted remote exploits. It seems inconsistent to block some exploits and "allow" others. Basically, I can understand why you disallow iframes. What I don't understand is why you don't make it clear in the "Edit Profile" page or somewhere else what is and what is not allowed, and why you're apparently only blocking some exploits.

I have a great job developing GIS applications, thankyouverymuch. Besides, they can't afford me

Amen. The amount of information given in the error messages about database schemas, code structure and other goodies are quite unbelievable.

Yeah, so now I'll just have to include my XSS attack page as a link saying "Click here to see my profile" instead of in an iframe. I can see how that makes people more secure. (More) seriously, how about allowing it for Premium Members? Once you've got my credit cards details I'd imagine it'd be quite easy to sic the police on me if I don't play nice. You have also disabled the "security" features on the TB pages, who happily accept iframes. Still.

What's wrong with being helpful instead of being a jerk right off the bat? I thought it, you said it

Just double-checked, and the "Edit Profile" page says nothing about the kind of HTML allowed (or, as is the case, disallowed) in the profile pages. Neither does the Terms of Service. Nowhere do I see an indication of a "right" and a "wrong" way to fill out my profile.

I believe there was no place that said that using an iframe was "the wrong way", only that the html in your profile needed to be less than X characters (that limit, by the way, isn't written anywhere conspicuous). But since you're asking, it saves me from having to edit it more than once if I want to display my profile in different contexts.