Thread: XSS attack?

  1. - Top - End - #1
    Pixie in the Playground
     
    PirateGuy

    Join Date
    Jan 2019

    Default XSS attack?

    Preview post brings me to my browser warning about an XSS attack, btw, so I haven't managed to preview to ensure HTML is properly escaped.

    [QUOTE]Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers and credit cards).
    Try visiting the site's homepage.
    ERR_BLOCKED_BY_XSS_AUDITOR[/QUOTE]

    The message I initially tried to post:

    Hi,

    Sorry if this is in the wrong place, but would you mind considering posting a link to the comic in question in the discussion threads? It looks to me like the discussion thread is created via a script of some nature.

    So for the "New comic is up." it would be great if it was:

    Code:
    <a href="{comic_url}"> New comic is up. </a>
    or

    Code:
     New comic is up. <a href="{comic_url}"> 1153 Family Meeting </a>
    *EDIT*
    It appears to be the URL of the comic that is causing problems.
    Last edited by Athas; 2019-01-25 at 12:43 PM.

  2. - Top - End - #2
    Ettin in the Playground
     
    Zherog's Avatar

    Join Date
    Jan 2004
    Location
    Bensalem, PA
    Gender
    Male

    Default Re: XSS attack?

    Playing with it a little bit, it looks like if you change the HTML that's within your CODE tags to use actual BB Code tags instead (in this case, [URL] tags), it'll work correctly.

    For example:

    Or you could make that actually show the url tag by using the "noparse" tag:

    Code:
    [url=http://www.giantitp.com/comics/oots1153.html]New comic is up.[/url]
    John Ling
    Frog God Games Lead Pathfinder Developer

    Note: unless explicitly stated otherwise, opinions in my posts are my own and not those of Frog God Games.

  3. - Top - End - #3
    Bugbear in the Playground
     
    WolfInSheepsClothing

    Join Date
    Aug 2018
    Gender
    Intersex

    Default Re: XSS attack?

    The HTML tags don't actually allow you to use HTML - HTML is disabled on this board, but the HTML tag is an artefact of the board design.

    Presumably, the warning of an XSS attack comes from the way the preview remembers the HTML you've put into the tag and Chrome jumps at shadows detecting HTML that isn't meant to be there.
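
An added example, not part of the thread and not the board software's own code: a Python renderer for a board where HTML is disabled, showing typed HTML escaped to inert text in a preview while only `[url]` tags with an http/https target become links. The function name `render_post`, the scheme allow-list and the `[noparse]` handling are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web links are allowed

# Both patterns run on text that has already been HTML-escaped.
URL_TAG = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.I | re.S)
NOPARSE = re.compile(r"\[noparse\](.*?)\[/noparse\]", re.I | re.S)


def _render_url(match):
    """Turn one [url=...] tag into a link, or leave it as inert text."""
    raw = html.unescape(match.group(1))  # undo escaping to validate the target
    try:
        parts = urlsplit(raw)
    except ValueError:
        return match.group(0)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return match.group(0)  # e.g. javascript: targets stay plain text
    href = html.escape(raw, quote=True)  # re-escape for the attribute context
    return '<a href="{}" rel="nofollow">{}</a>'.format(href, match.group(2))


def render_post(text):
    """Render a post body for preview: HTML disabled, [url]/[noparse] only."""
    text = text.replace("\x00", "")  # NUL is reserved for the stash markers
    escaped = html.escape(text, quote=True)  # typed HTML becomes visible text

    stash = []  # [noparse] bodies are set aside so their tags are not expanded

    def keep(match):
        stash.append(match.group(1))
        return "\x00{}\x00".format(len(stash) - 1)

    escaped = NOPARSE.sub(keep, escaped)
    rendered = URL_TAG.sub(_render_url, escaped)
    return re.sub(r"\x00(\d+)\x00", lambda m: stash[int(m.group(1))], rendered)


if __name__ == "__main__":
    # Constructed inputs modelled on the snippets quoted in the thread.
    print(render_post('<a href="{comic_url}"> New comic is up. </a>'))
    print(render_post("[url=http://www.giantitp.com/comics/oots1153.html]"
                      "New comic is up.[/url]"))
```

Because the escaped output no longer contains the markup that was submitted, the preview response carries the typed HTML only as text.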
