Official Horse Phenomena > Official Announcements > Post Reply     

HTML Purification

Player Avatar
Master Administrator Samantha - see page to know who to contact directly!
October 28th, 2019 10:24:48am
4,333 Posts

Good morning, HP!


As you know, we've been working a lot behind the scenes recently to make sure that HP's insides are updated and solidly protected from anyone who might try to mess with it.


So, in the spirit of that, one of the last things on our list is to implement HTML purification. Basically, what this means is that HP will filter through all HTML put on your pages (or club pages) and remove anything which could be used maliciously. This is to prevent anyone from trying to use cross site scripting to hurt the site or any of you.


For the vast majority of you, this will only mean making some minor tweaks to your layout code. This has not been turned on yet, because I wanted to warn everyone ahead of time so that you have time to make tweaks to your layouts so that they will still work afterward. We will be implementing this on Sunday November 3rd.


Please save a copy of your layout as it is now. We have a backup containing everyone's layouts, so we can send you your layout code if you need it, but it'll be a lot faster if you have your own copy.


You don't need to do anything except save your layout until Sunday. We will be releasing a full instructional guide after implementation to help you with swapping things over. It's possible that we will still need to make some tweaks and find some workarounds for common layout codes, so I'm asking that you please be patient with us during this process.


Here's what this means for layouts:

1. Your HTML and your CSS stylesheets will need to be separated. You'll have one box for HTML on your home page (and on club pages) where the main bulk of your layout will be, and then a separate box for CSS. What you will need to do is  copy everything between the style tags on your layout and paste it into the Stylesheet box. That's it!


2. Scripts will be disabled. Unfortunately there is no workaround for this because allowing outside javascript is too big of a risk. HOWEVER, if you have a tabbed layout that uses Javascript, we will be explaining how to swap it so that it will still work.


3. The layout generator layouts will need to be updated to account for this. You'll be able to swap them over following our instructions, though. I will be working on the layouts in the actual generator so that they come out working, but it might take awhile for me to get the new codes in place because we might have to iron out the kinks in the HTML purifier first.


4. Besides script, "onclick" attributes will also no longer work. There's no way for us to safely allow these, unfortunately. Again, for tabbed layouts, we have a workaround, but if you're using them anywhere else, unfortunately, they won't work anymore.


For those of you who want to get prepared early, click here for the list of tags and attributes that are currently on our list to be allowed. If needed, we can add more things to this list (as long as it can be done safely). We are HAPPY to work with you and you can message me at any time with questions or if you need clarification.


We hope that you understand why we are doing this, and that the transition is smooth! Once this is done, we will open registration again.


Again, please let me know if you have any questions!


Happy Monday!




View Comments 1

Player Avatar
Master Administrator Samantha - see page to know who to contact directly!
October 28th, 2019 10:28:39am
4,333 Posts



- align

- size

- width


- href

- rel

- class

- id

- style


- src

- height

- width

- alt

- align

- border

- hspace

- style

- title

- class

















- size

- color

- face

!-- --




- align

- class

- id




- cols

- rows

- wrap

- maxlength

- name

- readonly


- align

- bicolor

- border

- cellpadding

- cellspacing

- width

- class

- id

- style


- align

- bgcolor

- valign


- colspan

- headers

- rowspan

- align

- bgcolor

- height

- nowrap

- valign

- width

- style


- colspan

- headers

- rowspan

- align

- bgcolor

- height

- nowrap

- valign

- width

- style




- align

- class

- id

- style










- class

- id

- lang




- rel

- href






Player Avatar
Concourse [but as she was leaving, it felt like breathing]
October 28th, 2019 10:52:02am
2,902 Posts

Not looking forward to this. XD Okay, so will this impact imported css stylesheets hosted off of hp? And how hard will the update to tabs be? When will that helpful guide be released? 



Player Avatar
Master Administrator Samantha - see page to know who to contact directly!
October 28th, 2019 11:00:46am
4,333 Posts

Yes, it will impact offsite stylesheets. You will just have to stick them in the stylesheet box on HP, though, so it should be really simple :).

It'll be super easy. Bascially where you name each tab in your layout you'll take out the Javascript and replace it with something like %tab1% (I'll put the exact pieces of code in the guide).

It'll for sure be released with the changes, possibly a few days before. I just have to finish it up :).


Player Avatar
Concourse [but as she was leaving, it felt like breathing]
October 28th, 2019 3:26:51pm
2,902 Posts

Only I have layouts by Trig that idk if I can do that with? and at least one by monnie that uses the external style sheet. I guess I will have to message them both. Thankfully they are still here.



Player Avatar
mango 🍑 stay your pretty eyes on course
October 28th, 2019 5:26:51pm
2,926 Posts

Alright so I have an update and put up more info in my Coding tab, but basically - if you have a code by me and need help updating it when the purifier goes live, message me! I will happily split your HTML and CSS and send them separately so you can place them in the correct boxes.

As for tabbed codes, that will take some time for me to update it for you. I have to look up the new tab system and figure out how to style that before I can update older layouts with the new tab styles.

When it comes to the tags - I don't see any issues at the moment, but if you notice something isn't showing up or looks wonky, message me! I'll see if it's a quick fix, if there's an alternative tag, or if Sam can get it whitelisted ^^ 

(and because of the time it'll take to do that, and the influx of player layouts I expect will need to be fixed, orders for new layouts will be closed for a while)


This does suck - our blank coding canvas is being taken away v-v But it is necessary and I understand why it's being done. Thanks for doing your best to keep HP secure Sam, and for being so willing to work with us coders to make this as painless as possible ^^



Player Avatar
Concourse [but as she was leaving, it felt like breathing]
October 28th, 2019 5:41:24pm
2,902 Posts

Yeah, I'm worried about my masterpiece currently parked on my retirement account 😭



Player Avatar
Administrator BLiTZ 🎆 hello, 2025
October 28th, 2019 7:18:32pm
6,522 Posts

Thanks for your offer, Monnie! ♥



Player Avatar
Master Administrator Samantha - see page to know who to contact directly!
October 29th, 2019 11:46:57am
4,333 Posts

Monnie, you're so sweet!


Player Avatar
Master Administrator Samantha - see page to know who to contact directly!
October 29th, 2019 11:52:39am
4,333 Posts

Con, taking a quick look at the layout on your retirement account, I don't immediately see anything that will be a big issue. You will need to replace all of the tab scripts, but I will be providing you a guide on what exactly you need to change (and it'll be really, really easy. I promise.), and you will need to separate out your stylesheet. The only thing I can see immediately that won't work is where you have a marquee in your update box.


Player Avatar
Administrator 🐈~Broken Vow~❄️
October 29th, 2019 4:21:17pm
8,756 Posts

Mango is the best! < 3

Thanks for the heads up Sam! :D

pjd1sOi.png uoRNx1M.png BGYKLiO.png


Player Avatar
Concourse [but as she was leaving, it felt like breathing]
October 29th, 2019 5:01:26pm
2,902 Posts

Ohh YAY! That sounds good. I just has me nervous (I hate change xD).


Mango is the bestest! I just saw her offer and that's amazing.



Player Avatar
October 31st, 2019 10:09:21pm
3,521 Posts

This makes me slightly happy cause I have been trying to figure out a way to make tabs (I have basically been doing a javascript with radio buttons just not displaying that...) maybe this way will be easier? idk but looking forward to it!



Player Avatar
SaturniaᛉContest winners announced!!
November 1st, 2019 12:49:26pm
3,988 Posts

Coding is basically alien language to me like little green men in silver suits running around screaming HTML codes at me. So - I will definitely have to reach out/phone a friend when this time comes (:


View Comments 1