As I am reworking my layout I have a close look at each antville skin. In stories:embed

<span class="storyTitle"><% story.content part="title" suffix="<br />" %></span>
<% story.content part="text" limit="100" clipping="&nbsp;..." %><span class="small"><% story.link text="[read&nbsp;more]" prefix="&nbsp;" to="main" %><% story.editlink prefix="&nbsp;...&nbsp;" %></span><br /></span>

seems to be a span start tag missing - or one end tag too many (much?).

With all due politeness, erm, the commentsdump is still broken.

Since quite a few Antville plus quite a few non-Antville blogs use the commentsdump, this is very inconvenient. Really. I've already lost about ten items of waste into nomansland, whereas I'd rather have had them recycled at the dump. I assume others have the same experience.

So, I'll just impatiently renew the request for fixing the Blogger API, so that happy wasting may be available to all again.

Or else, if it'll take much longer, please tell us, then we could perhaps migrate the dump away from antville.

Thanks.

The latest CVS version of antville breaks the skin editor: instead of getting plain XML code, HTML-escaped XML code is returned:

<head>

becomes

<head>

with devastating effects...

Going back to the version of last Thursday results in a working skin editor again.

Das /referrers-Script läßt Werte wie 'www.foo.com"<h1>_Referrers_escapen</h1>' unverändert durchgehen.

this is the fourth bug report from me in a row, and i can't provide a code patch myself... the reason is that i'm currently working on skins that actually generate valid XHTML, and that takes up all of my antville time budget ;-)

my newest complaint is that in the "recently modified" box, the <wbr /> tag is used, which is not defined in XHTML (not even transitional).

oh, and the status quo of my experiments can be seen at ped.antville.

i just put the <% linkedpath %> macro into the "navigation skin for users" and it isn't working properly. for example, when i open "/err/stories/42/", it renders this output:
Home//Story 42

I just stumbled over the outcome of the story Login/Logout - its not a bug its a feature and I'm not very pleased with the implemented 'solution' (others aren't, too; see help.antville). Of course, it is better than nothing, because someone who takes the time to check the URL of the login form now can be sure that it hasn't been tampered with. But this is more or less insider information, and insiders don't normally log in at untrusted blogs anyway. Here's an excerpt of the comment I posted under this story a couple of weeks ago:

IMO that approach isn't any good. it's nice of nosleep to document the issue and of you to try to prevent abuse, but you simply can't prevent a weblog creator who's allowed to integrate HTML without restrictions from fooling his visitors. restricting features will definitely annoy blog owners who lose control over their creations, but it won't help protecting innocent visitors, because a workaround that will still fool many of them can always be implemented.

The idea of making the login process "a little more secure" is futile—it either is secure or it's not. To prove my point, I just added a customised login form to my blog. As I already said, this approach would only work if several more restrictions would be implemented, some of which would be ridiculously nasty.

I'd suggest, if we really want to prevent that users' passwords are stolen, we should all make our login links point to the safe login, and there we should put up a message warning users of logging in anywhere else. This is how most sites with similar issues (e.g. go.icq.com) handle this. Educating the users, warning them of the dangers and presenting them with a safe workaround really is the only way to prevent them from doing stupid things.

Another possibility would be to restrict the customisation of skins so much that it's basicly not possible to write custom HTML any longer, which would make all blogs look somewhat the same and throw the whole Antville philosophy over board, so I'd say we shouldn't go for that.

I would be okay with having every user log in at www.antville.org, but as long as they're supposed to have the option of logging in at my blog, I want to customise that form so it fits in with the rest. So please lift that restriction, it doesn't do any good anyway.