Improvements II
I made two improvements to the code here at DMG in the last day or so. First, I added some more graceful handling of redirecting browsers to the domain name without the "www" on the front. The old handling is there as a fallback, but it shouldn't be necessary any more, since browsers will get redirected before the page ever displays.
More importantly, HTML in comments is now checked and rejected. This means that comments with HTML simply can't be posted to DMG. Maybe there's a clever hack around my security, but maybe not. The code is really, really simple, which is usually a sign that you're doing something right.
So, we'll see. I hope we won't be subject to any more spam here.
Update:
Interesting: a few comments have gotten through this afternoon that do contain HTML. This should go through the form validation that disallows HTML, but it's getting through somehow. It's still being flagged as spam, but the fact that it contains HTML should keep it from getting that far; it should be rejected outright. Need to do some more research.
Update II:
Yep, HTML is getting past the validation somehow. (Though it's still being flagged as spam.) I'm doing the validation on the server side, so I'm not sure how it's not catching the HTML. Either my regexp is garbage, or there's something cleverer going on here. I've tried re-submitting the content of the comment, and it gets caught, so I'm going to have to put in some more instrumentation to try to catch more data.
Update III:
Oddly, HTML is still getting through somehow, but it's all getting correctly flagged as spam. I can only surmise that whatever trick bypasses my filter is a giant red flag to Akismet.
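An added example, not the code running on this site (the post shows neither the regexp nor the cause of the bypass): one way to build the instrumentation mentioned in Update II, a server-side check that normalizes the submitted bytes before testing for tags and returns an audit record of exactly what it saw. The function names, the `source` label, the normalization steps and the sample submissions are all assumptions made for illustration.

```python
import hashlib
import html
import re
import unicodedata

# Assumed policy: reject anything that starts like a tag, closed or not.
# [^>] also matches newlines, so a tag split across lines is still caught.
TAG_RE = re.compile(r"</?[A-Za-z!][^>]*>?")


def normalize(raw: bytes) -> str:
    """Decode and canonicalize the way a later rendering step might (assumed)."""
    text = raw.decode("utf-8", errors="replace")
    text = unicodedata.normalize("NFKC", text)   # fullwidth brackets become ASCII
    previous = None
    while previous != text:                      # undo nested entity encoding
        previous, text = text, html.unescape(text)
    return text


def check_comment(raw: bytes, source: str) -> dict:
    """Return a decision plus an audit record for the exact bytes received."""
    match = TAG_RE.search(normalize(raw))
    return {
        "accepted": match is None,
        "source": source,                        # hypothetical: which handler got it
        "sha256": hashlib.sha256(raw).hexdigest(),
        "raw_repr": repr(raw[:200]),             # exposes newlines and odd bytes
        "matched": match.group(0) if match else None,
    }


# Constructed sample submissions (not taken from the site's logs).
SAMPLES = [
    (b"Nice post, thanks!", "comment_form"),
    (b'<a href="http://example.test">x</a>', "comment_form"),
    (b"<a\nhref='http://example.test'>x</a>", "comment_form"),
    (b"&lt;b&gt;bold&lt;/b&gt;", "comment_form"),
    ("\uff1cb\uff1e".encode("utf-8"), "other_endpoint"),
]

if __name__ == "__main__":
    for raw, source in SAMPLES:
        print(check_comment(raw, source))
```

Logging the record for every submission, accepted or not, lets a stored comment that contains HTML be matched by hash to the bytes the validator received and the handler that received them.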