Jump to content

Release Notes 4/16/08


OpinioNate

Recommended Posts

 

So the listing was ok for more then a year, then it was disallowed. Java is not even activated when the commands where called on. There in not even the word script in the lines of code. So what damage is this causing?

 

Javascript is not java. You can do various malicious things using onclick and ondblclick events. (such as hijacking / exploiting your browser using the bug of the day)

 

It's not really possible to just allow 'some' javascript.

 

Security has been extremely lax on this site until now, they are just starting to understand it.

 

As an example, the hack recently on Barack Obama's website which redirected visitors to Hillary Clinton's site was done using inline javascript. (which is what onclick/ondblclick are.. )

 

-Ben

Link to comment

What is going on?

Since today links in html are being disabled too.

This is almost no fun anymore!

 

GeoBSWEScout

 

It's not a game no more, thats whats up.

 

I can confirm that : <a href= is not working anymore. I wish I had been given heads up about this. However, the links that were already in my caches are still working. They only get broken if I edit the cache description. By the way this means that you can no longer use "GEOCHECKER.COM" in your puzzle caches if this is not fixed.

 

here is an example

 

<a href="http://www.geocaching.com/seek/cache_details.aspx?guid=03fce875-ccc7-4886-8c6c-9931c8af0689">

Foster's Cache</a><br>

Edited by Rontro
Link to comment
I can confirm that : <a href= is not working anymore.

 

...

 

here is an example

 

Have you actually looked at that cache? It looks fine to me and all the links work. The link problem was corrected within a few days of that release that broke them.

Link to comment

Two problems I don't see mentioned above.

 

First, rel and title attributes are being removed from <a> tags in the cache description. I posted details in a new thread lightbox calls filtered out? and benh57 kindly pointed me to this thread, which I should have known to look for first. :blink: rel and title should be safe, and I had used them to call lightbox in the description for GC8413. See the thread linked above for more discussion and details, including discussion of the (lack of) security issues for these attributes.

 

Second, links in my profile (at least in some contexts) are being outright garbled. This appears to be the same issue noted above in another context. The "<a href=" is simply being stripped and the closing ">" replaced by ">". The link is displaying as text instead of as a link. See the LogicWeave CacheStats table in my profile for an example. If I go to edit my profile, the missing characters are there -- they are being stored but dropped while serving the page.

 

Ooh, but -- it doesn't happen all the time! Is it possible that a fix did not get distributed to all servers? I saw this second problem very clearly 20 minutes ago but now it looks OK ...

 

Edward

Link to comment
I can confirm that : <a href= is not working anymore.

 

...

 

here is an example

 

Have you actually looked at that cache? It looks fine to me and all the links work. The link problem was corrected within a few days of that release that broke them.

I cannot use html on any of my new (unpublished) caches, although my other cache pages are still doing fine even when I edit them. :blink:

Link to comment
I cannot use html on any of my new (unpublished) caches, although my other cache pages are still doing fine even when I edit them. :blink:

Very strange. I just set up a new cache and had no trouble using basic HTML. I wonder, as I've wondered in some other cases recently, if gc.com is having trouble synchronizing code over multiple servers and thus if it makes a difference which server you hit.

 

Edward

Link to comment

So all of the work I put into the addition of simple pulldown menus to link the caches in a series together was for nothing now, because they have all been stripped out? I get the impression they will be added back sometime, maybe (which is the usual answer for anything... maybe, sometimes, etc...), but if it is at the same speed as the reactivation of the "archived caches" filter on the geocaching.com google maps, I won't be holding my breath. That was promised a long time ago, with the simple statement that it would be added back in "sometime".

 

When can we expect this to be fixed?

Link to comment
So all of the work I put into the addition of simple pulldown menus to link the caches in a series together was for nothing now, because they have all been stripped out? I get the impression they will be added back sometime, maybe

No, probably not. See above -- Ambrosia had done the same thing and expects to have to change it.

 

The problem is that a drop-down menu is an HTML form, albeit a very simple one. HTML forms are subject to abuse, and it would be difficult to allow just drop-down menus and nothing else about forms. Perhaps it's possible, and if enough people use the feature then perhaps it would be worth the trouble. However, it seems to me that the workarounds of either placing those caches in a public bookmark list, or simply putting links to them in the description, is sufficient to move allowing drop-downs to a low priority. Not as neat in some circumstances, but pretty good.

 

In fact, it might be more useful to request a feature for public bookmark lists to include a drop-down when they appear on a cache page. This might have to be limited in size to avoid excessive page text when a cache is on several very large bookmark lists, but overall this might be more useful then personal implementation of drop-downs. What you want would then be just a special case of a general feature.

 

Edward

Link to comment
I can confirm that : <a href= is not working anymore.

 

...

 

here is an example

 

Have you actually looked at that cache? It looks fine to me and all the links work. The link problem was corrected within a few days of that release that broke them.

 

Sorry for the confusion. That link is one of my caches that were still working. It was an example of the HTML code that was stripped. However this morning I went back to the cache that was broken and tried to put back the links. Today it worked just fine and I was able fix it up.

 

This was the cache that was messed up. It is all better now:

 

http://www.geocaching.com/seek/cache_detai...7b-e280a6a975df

 

Ron

Link to comment
So all of the work I put into the addition of simple pulldown menus to link the caches in a series together was for nothing now, because they have all been stripped out? I get the impression they will be added back sometime, maybe

No, probably not. See above -- Ambrosia had done the same thing and expects to have to change it.

 

The problem is that a drop-down menu is an HTML form, albeit a very simple one. HTML forms are subject to abuse, and it would be difficult to allow just drop-down menus and nothing else about forms. Perhaps it's possible, and if enough people use the feature then perhaps it would be worth the trouble. However, it seems to me that the workarounds of either placing those caches in a public bookmark list, or simply putting links to them in the description, is sufficient to move allowing drop-downs to a low priority. Not as neat in some circumstances, but pretty good.

 

In fact, it might be more useful to request a feature for public bookmark lists to include a drop-down when they appear on a cache page. This might have to be limited in size to avoid excessive page text when a cache is on several very large bookmark lists, but overall this might be more useful then personal implementation of drop-downs. What you want would then be just a special case of a general feature.

 

Edward

 

I feel it would be more useful to request that functions which do not pose a security threat be reinstated. I would love to know what the concern over this particular piece of HTML coding is. And many others. Some HTML functions are possible security risks (although, from what I understand, there haven't been any/many problems... I could be wrong, but nothing has ever been made public about problems with these), but many are not.

 

You know the phrase "Throw the baby out with the bathwater"? It would make a lot more sense to fix specific issues than disable access to an entire portion of the coding to the site for everyone.

 

Sounds like several other issues which have received complaints for this website. Virtuals, Waymarks, HTML Coding, name changes, etc. Block/change access for everyone to everything in the category, rather than deal with the issues on a more reasonable, simple level - handle problems as they come up. But that's just my (albeit often stated and well understood) opinion - doesn't mean anything will change.

Link to comment
I cannot use html on any of my new (unpublished) caches, although my other cache pages are still doing fine even when I edit them. :D

Very strange. I just set up a new cache and had no trouble using basic HTML. I wonder, as I've wondered in some other cases recently, if gc.com is having trouble synchronizing code over multiple servers and thus if it makes a difference which server you hit.

 

Edward

Argh! Remind me never to post about technical issues at three in the morning again. :blink: I just hadn't hit the box for html. How embarrassing. :o:o:o Figured it out immediately this morning.

Link to comment

Overall I am happy with the website, I am quite impressed with the capabilities. I would like to see if it is possible to add a mail forwarding feature where an e-mail can be sent to username@geocaching.com and it would forward through the website to the person's permanent e-mail address. In other words, it is not an e-mail service but an address that will just forward to the e-mail address on record. This way, caches could be hidden and reference the username@geocaching.com and the cache owner could get notes if somebody had an issue with the cache (I am specifically thinking how muggles could contact an owner if needed).

Link to comment

Overall I am happy with the website, I am quite impressed with the capabilities. I would like to see if it is possible to add a mail forwarding feature where an e-mail can be sent to username@geocaching.com and it would forward through the website to the person's permanent e-mail address. In other words, it is not an e-mail service but an address that will just forward to the e-mail address on record. This way, caches could be hidden and reference the username@geocaching.com and the cache owner could get notes if somebody had an issue with the cache (I am specifically thinking how muggles could contact an owner if needed).

 

They already have something similar (heh - the "workaround" I always complain about) - if you click on the owner's name, you get their profile. You can click on their "Send a message" link to send them an email without the owner giving theirs away unless they choose to.

 

I think the email idea is fine - but as one reviewer said to me when I complained about the inconsistency in reviewing standards, they don't even provide reviewers with gc.com addresses - why would they make ones for us if they won't even do this for their volunteers?

Link to comment

Overall I am happy with the website, I am quite impressed with the capabilities. I would like to see if it is possible to add a mail forwarding feature where an e-mail can be sent to username@geocaching.com and it would forward through the website to the person's permanent e-mail address. In other words, it is not an e-mail service but an address that will just forward to the e-mail address on record. This way, caches could be hidden and reference the username@geocaching.com and the cache owner could get notes if somebody had an issue with the cache (I am specifically thinking how muggles could contact an owner if needed).

That would make it way too easy to spam people. No thanks.

Link to comment
I feel it would be more useful to request that functions which do not pose a security threat be reinstated. I would love to know what the concern over this particular piece of HTML coding is. And many others.
One word: phishing.

 

One example: you could code a form which says "to view details of this cache, re-enter your user ID and password", and sends the input to a different web site.

 

When a web user clicks on a link, he/she generally has the understanding that it might go to another site. Not so for a popup/dropdown menu. So if a pop-menu redirected to a phishing web site which looked like a cache page, it could fool users into entering private info.

 

Yes, a list of links to other caches would be safe. The problem is that HTML has too many capabilities to be easy to analyze. It's not quite a full programming language (for which analysis is theoretically extremely difficult), but it's still very difficult to analyze unrestricted code even in a research setting. There are some "throttle points" at which potentially dangerous access can be much more easily blocked, and forms are one of these. (And JavaScript is a full programming language, so it's even more difficult to analyze for safety.)

It would make a lot more sense to fix specific issues than disable access to an entire portion of the coding to the site for everyone.
This is the approach Microsoft took with Windows (not to mention the approach Intel took in their CPU design), and is the reason it has been so extremely difficult and costly to plug the security holes in Windows. Although what you say does sound like a good idea on the surface, it has been proven to be very dangerous. It is much safer, and in the long run much cheaper, to create a totally safe environment and then extend it specifically where needed.

 

In this case, providing more convenient ways to show lists of links to other caches -- for example, showing bookmark lists as popup menus -- is in the latter category.

Sounds like several other issues which have received complaints for this website. Virtuals, Waymarks, HTML Coding, name changes, etc.
You are mixing different issues. Virtuals and waymarks were not web site issues but geocaching issues (whether you agree with the outcome or not). ISTR that name changes were indeed a web site issue, but OTOH that seems to be something mostly needed by users just starting out, when relogging isn't a big deal, and thus of low value to re-implement.
Block/change access for everyone to everything in the category, rather than deal with the issues on a more reasonable, simple level - handle problems as they come up.
As discussed above, "allow everything and fix problems" has be shown by long and hard experience to be costly and dangerous.

 

Edward

Link to comment

I didn't see this specific issue addressed in this thread, but it seems like it's related to the other things that have been discussed.

 

I have a puzzle cache that uses "title" attributes in <img> tags to hide the information necessary to solve the puzzle.

 

Or, I should say, I used to have a puzzle cache like that. Now all of my <img> tags have had all of their attributes stripped except for the "src" attribute, breaking the puzzle.

 

I can't, for the life of me, understand how a "title" attribute can be a security problem, but that doesn't mean it's not possible.

 

If there's no issues, can we have the "title" attributes back, plz?

 

-eP

Link to comment
I have a puzzle cache that uses "title" attributes in <img> tags to hide the information necessary to solve the puzzle.

The title attribute was part of my complaint, though in a different context, and it didn't affect me as severely.

 

Clearly gc.com went to a system of only allowing white-listed attributes. This is a Super Good Idea in terms of security. Unfortunately it does not seem that they did much to analyze what was already in use and why.

 

Edward

Link to comment
Unfortunately gc.com hasn't been keeping up their side of the bargain with respect to the problems posted here recently. I would have expected some feedback from Raine.

Or from OpinioNate, in his last message April 22th, he wrote:

 

Just a quick note about these cache description problems you're all having - we're still working on solutions to each of the issues (special characters, fonts, image alignments etc.) so please be patient and I'll update you as they are fixed.

 

Please don't edit your caches beyond posting a note to let people know certain elements will be missing for a little while. We are working hard to get these fixes in but the ubbtextbox (not htmltidy) is very uncooperative at the moment.

I edited all mine a long time ago and glad I did, I like them better now also. Fortunatly I didn't have code that was more problematic like a few here.

Link to comment

Just a quick note about these cache description problems you're all having - we're still working on solutions to each of the issues (special characters, fonts, image alignments etc.) so please be patient and I'll update you as they are fixed.

 

Please don't edit your caches beyond posting a note to let people know certain elements will be missing for a little while. We are working hard to get these fixes in but the ubbtextbox (not htmltidy) is very uncooperative at the moment.

Hmm.. you mentionned special characters, so I guess that would be the problem reported here..

I'm surprised that a major release like this one did not correct the "special characters" problems like these:

- In GPX:

screen00920080529142304el5.gif

- In Pocket Query preview:

screen01020080529142910ux7.gif

Link to comment

It was not our intention to restrict the usage of HTML to the degree that it has been restricted. As Lil Devil pointed out it is only the Forms which were a security issue on the site. I will make sure this is reviewed as soon as possible so your caches are returned to their prior state. I'm sorry to scare you guys like that.

It's been nearly 3 months. Some of my caches are still messed up by the stripping out of HTML code including onclick, ondblclick, onmouseover and onmouseout. Also, I'm unsure as to what code I can use with new caches; a list of excluded code and workarounds would be helpful. Thanks.

Link to comment
Some of my caches are still messed up by the stripping out of HTML code including onclick, ondblclick, onmouseover and onmouseout.

Which is JavaScript...

Also, I'm unsure as to what code I can use with new caches; a list of excluded code and workarounds would be helpful. Thanks.

Could be handy

Link to comment

I don't want to get annoying with this, but I still have a cache that has been disabled since April due to the onclick, and ondblclick not working! I realize that we have very hard working people trying to get it fixed, but is their anyway that we can get an update from someone regarding a status?

Link to comment
Some of my caches are still messed up by the stripping out of HTML code including onclick, ondblclick, onmouseover and onmouseout.

Which is JavaScript...

I don't understand the problem. The cache pages are full of JavaScript. Our use of these event handlers merely calls simple images. Assuming that the code could potentially be used for nefarious purposes, is there is a benign way to do the same function (click or double-click a button to reveal characters)?

Link to comment
I don't want to get annoying with this, but I still have a cache that has been disabled since April due to the onclick, and ondblclick not working!

Unlikely to happen. As previously explained, what comes after onclick is JavaScript. While you only want to use innocuous JS, it's virtually impossible to analyze the string and determine automatically whether it's benign, so they have to prohibit JS.

 

20/20 hindsight says that allowing HTML in cache descriptions was a Super Bad Idea. It would have been far better to create an extended BBcode so they could allow things like this safely. It would be better to do that now, though existing HTML would have to be grandfathered. No idea whether there's any chance of it happening.

 

The cache pages are full of JavaScript.

Not user-written JS. JS is just a tool, and like all tools can be used for good or bad. (Classic example: you can kill someone with a hammer.) Separating the good from the bad is a hard problem. And I don't mean it just takes a little longer -- it's related to very difficult unsolved theoretical issues in computer science.

 

Our use of these event handlers merely calls simple images. Assuming that the code could potentially be used for nefarious purposes, is there is a benign way to do the same function (click or double-click a button to reveal characters)?

Not at present. See above -- verifying that's benign is non-trivial, and at present there is no alternative to using JS to achieve such an effect.

 

The problem is larger than gc.com. The division between HTML, CSS, and JS is sometimes poorly placed. In this case, all you really want to do is to trigger a CSS shift. But to do that, you have to click an HTML link which invokes JS which changes the CSS. How clever.

 

Edward

Link to comment
I don't want to get annoying with this, but I still have a cache that has been disabled since April due to the onclick, and ondblclick not working!

Unlikely to happen. As previously explained, what comes after onclick is JavaScript. While you only want to use innocuous JS, it's virtually impossible to analyze the string and determine automatically whether it's benign, so they have to prohibit JS. ...

That makes sense, I suppose. But if there is little chance of JavaScript coming back and no alternatives, why are we left hanging for months? Why not tell us the ground rules for cache descriptions? I have to assume the site programmers have something up their sleeve; I'd just like a little hint of when we can expect it.

Link to comment
I don't want to get annoying with this, but I still have a cache that has been disabled since April due to the onclick, and ondblclick not working!

Unlikely to happen. As previously explained, what comes after onclick is JavaScript. While you only want to use innocuous JS, it's virtually impossible to analyze the string and determine automatically whether it's benign, so they have to prohibit JS. ...

That makes sense, I suppose. But if there is little chance of JavaScript coming back and no alternatives, why are we left hanging for months? Why not tell us the ground rules for cache descriptions? I have to assume the site programmers have something up their sleeve; I'd just like a little hint of when we can expect it.

 

I agree with this....I would like official word if JavaScript is going to be allowed anymore. I have a cache that requires Java Script (GC12TGV) and it has been disabled since April! I want to be able to do something with that location...whether it be archive and place a new cache. Or wait it out if Java Script is going to be allowed again.

Link to comment

Here are the allowable allowable HTML tags for cache pages.

 

 
<tags>
- <tag name="a">
- <attr name="href">
 <val>*</val> 
 </attr>
- <attr name="target">
 <val>_blank</val> 
 <val>_top</val> 
 </attr>
- <attr name="align">
 <val>right</val> 
 <val>left</val> 
 <val>center</val> 
 </attr>
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="name">
 <val>*</val> 
 </attr>
- <attr name="rel">
 <val>nofollow</val> 
 </attr>
 </tag>
- <tag name="address">
- <attr name="nowrap">
 <val>*</val> 
 </attr>
 </tag>
 <tag name="b" /> 
 <tag name="big" /> 
- <tag name="bgsound">
- <attr name="src">
 <val>*</val> 
 </attr>
- <attr name="loop">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="br">
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="clear">
 <val>*</val> 
 </attr>
 </tag>
 <tag name="cite" /> 
 <tag name="code" /> 
 <tag name="dfn" /> 
 <tag name="em" /> 
 <tag name="smp" /> 
- <tag name="map">
- <attr name="name">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="area">
- <attr name="shape">
 <val>rect</val> 
 <val>circle</val> 
 <val>poly</val> 
 <val>default</val> 
 </attr>
- <attr name="co-ords">
 <val>*</val> 
 </attr>
- <attr name="coords">
 <val>*</val> 
 </attr>
- <attr name="href">
 <val>*</val> 
 </attr>
- <attr name="target">
 <val>*</val> 
 </attr>
 <attr name="nohref" /> 
 </tag>
 <tag name="code" /> 
 <tag name="i" /> 
 <tag name="u" /> 
 <tag name="h1" /> 
 <tag name="h2" /> 
 <tag name="h3" /> 
 <tag name="h4" /> 
 <tag name="h5" /> 
 <tag name="h6" /> 
- <tag name="ul">
- <attr name="type">
 <val>disc</val> 
 <val>square</val> 
 <val>circle</val> 
 </attr>
- <attr name="compact">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="li">
- <attr name="type">
 <val>disc</val> 
 <val>square</val> 
 <val>circle</val> 
 <val>1</val> 
 <val>a</val> 
 <val>i</val> 
 </attr>
- <attr name="value">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="h1">
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="h2">
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="h3">
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="h4">
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="h5">
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="marquee">
- <attr name="align">
 <val>top</val> 
 <val>middle</val> 
 <val>bottom</val> 
 </attr>
- <attr name="behavior">
 <val>scroll</val> 
 <val>slide</val> 
 <val>alternate</val> 
 </attr>
- <attr name="bgcolor">
 <val>*</val> 
 </attr>
- <attr name="direction">
 <val>left</val> 
 <val>right</val> 
 </attr>
- <attr name="height">
 <val>*</val> 
 </attr>
- <attr name="hspace">
 <val>*</val> 
 </attr>
- <attr name="loop">
 <val>*</val> 
 </attr>
- <attr name="scrollamount">
 <val>*</val> 
 </attr>
- <attr name="scrolldelay">
 <val>*</val> 
 </attr>
- <attr name="vspace">
 <val>*</val> 
 </attr>
- <attr name="width">
 <val>*</val> 
 </attr>
 </tag>
 <tag name="pre" /> 
 <tag name="em" /> 
 <tag name="style" /> 
 <tag name="strike" /> 
 <tag name="center" /> 
 <tag name="strong" /> 
 <tag name="sub" /> 
 <tag name="sup" /> 
 <tag name="tt" /> 
 <tag name="var" /> 
- <tag name="blockquote">
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="p">
- <attr name="align">
 <val>*</val> 
 </attr>
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
 <tag name="s" /> 
 <tag name="small" /> 
- <tag name="span">
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="class">
 <val>*</val> 
 </attr>
 </tag>
- <attr name="align">
 <val>left</val> 
 <val>right</val> 
 <val>center</val> 
 </attr>
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="class">
 <val>*</val> 
 </attr>
- <attr name="nowrap">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="body">
- <attr name="background">
 <val>*</val> 
 </attr>
- <attr name="bgproperties">
 <val>*</val> 
 </attr>
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="ol">
- <attr name="type">
 <val>1</val> 
 <val>a</val> 
 <val>i</val> 
 </attr>
- <attr name="id">
 <val>1</val> 
 <val>a</val> 
 </attr>
- <attr name="start">
 <val>*</val> 
 </attr>
- <attr name="compact">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="hr">
- <attr name="size">
 <val>*</val> 
 </attr>
- <attr name="color">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="img">
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="src">
 <val>*</val> 
 </attr>
- <attr name="align">
 <val>absbottom</val> 
 <val>absmiddle</val> 
 <val>baseline</val> 
 <val>bottom</val> 
 <val>left</val> 
 <val>middle</val> 
 <val>right</val> 
 <val>texttop</val> 
 <val>top</val> 
 </attr>
- <attr name="border">
 <val>0</val> 
 <val>1</val> 
 <val>2</val> 
 <val>3</val> 
 </attr>
- <attr name="height">
 <val>*</val> 
 </attr>
- <attr name="width">
 <val>*</val> 
 </attr>
- <attr name="vspace">
 <val>*</val> 
 </attr>
- <attr name="hspace">
 <val>*</val> 
 </attr>
- <attr name="alt">
 <val>*</val> 
 </attr>
- <attr name="title">
 <val>*</val> 
 </attr>
- <attr name="usemap">
 <val>*</val> 
 </attr>
- <attr name="class">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="table">
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="background">
 <val>*</val> 
 </attr>
- <attr name="bordercolor">
 <val>*</val> 
 </attr>
- <attr name="border">
 <val>*</val> 
 </attr>
- <attr name="cellpadding">
 <val>*</val> 
 </attr>
- <attr name="cellspacing">
 <val>*</val> 
 </attr>
- <attr name="width">
 <val>*</val> 
 </attr>
- <attr name="height">
 <val>*</val> 
 </attr>
- <attr name="cols">
 <val>*</val> 
 </attr>
- <attr name="bgcolor">
 <val>*</val> 
 </attr>
- <attr name="vspace">
 <val>*</val> 
 </attr>
- <attr name="valign">
 <val>*</val> 
 </attr>
- <attr name="align">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="td">
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="background">
 <val>*</val> 
 </attr>
- <attr name="valign">
 <val>*</val> 
 </attr>
- <attr name="height">
 <val>*</val> 
 </attr>
- <attr name="align">
 <val>*</val> 
 </attr>
- <attr name="width">
 <val>*</val> 
 </attr>
- <attr name="nowrap">
 <val>*</val> 
 </attr>
- <attr name="bordercolor">
 <val>*</val> 
 </attr>
- <attr name="border">
 <val>*</val> 
 </attr>
- <attr name="bgcolor">
 <val>*</val> 
 </attr>
- <attr name="colspan">
 <val>*</val> 
 </attr>
- <attr name="rowspan">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="tr">
- <attr name="style">
 <val>*</val> 
 </attr>
- <attr name="valign">
 <val>*</val> 
 </attr>
- <attr name="height">
 <val>*</val> 
 </attr>
- <attr name="align">
 <val>right</val> 
 <val>left</val> 
 <val>center</val> 
 </attr>
- <attr name="width">
 <val>*</val> 
 </attr>
- <attr name="nowrap">
 <val>*</val> 
 </attr>
- <attr name="bordercolor">
 <val>*</val> 
 </attr>
- <attr name="border">
 <val>*</val> 
 </attr>
- <attr name="bgcolor">
 <val>*</val> 
 </attr>
- <attr name="rowspan">
 <val>*</val> 
 </attr>
- <attr name="colspan">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="th">
- <attr name="colspan">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="col">
- <attr name="width">
 <val>*</val> 
 </attr>
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
- <attr name="span">
 <val>*</val> 
 </attr>
- <tag name="caption">
- <attr name="valign">
 <val>*</val> 
 </attr>
- <attr name="height">
 <val>*</val> 
 </attr>
- <attr name="align">
 <val>*</val> 
 </attr>
- <attr name="width">
 <val>*</val> 
 </attr>
- <attr name="nowrap">
 <val>*</val> 
 </attr>
- <attr name="bordercolor">
 <val>*</val> 
 </attr>
- <attr name="bgcolor">
 <val>*</val> 
 </attr>
- <attr name="rowspan">
 <val>*</val> 
 </attr>
- <attr name="colspan">
 <val>*</val> 
 </attr>
 </tag>
- <tag name="font">
- <attr name="size">
 <val>*</val> 
 </attr>
- <attr name="color">
 <val>*</val> 
 </attr>
- <attr name="face">
 <val>*</val> 
 </attr>
 </tag>
 <tag name="fieldset" /> 
- <tag name="legend">
- <attr name="style">
 <val>*</val> 
 </attr>
 </tag>
 <tag name="kbd" /> 
 <tag name="listing" /> 
 <tag name="samp" /> 
 </tags>


Edited by OpinioNate
Link to comment
Guest
This topic is now closed to further replies.
×
×
  • Create New...