#dev 2025-05-25

2025-05-25 UTC
#
balintm added a share widget to my articles using the clipboard and web share APIs :) that was fun https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613#share
#
perryflynn nice. 👍️
#
trwnh [tantek] i meant more like rel=edit points to gitea.example/sites/trwnh.com/_edit/main/content/foo/index.md and then auth is enforced separately by gitea.example asking you to login. is that deceptive? i'm not linking to authorization, i'm linking to an edit url that requires authorization. logged out users will be asked to sign in, but logged in users will be presented with the edit page
#
trwnh i think the ideal is that the edit link would only be exposed selectively but that requires pre-auth
#
trwnh am i misunderstanding rel=edit?
#
trwnh it's common practice in documentation sites to have an "edit this page" link that links back to a git forge
grufwub, balintm, [jgarber], bugliker0, xgpt and barnaby joined the channel
#
[tantek] yes it's still deceptive because "edit" to the user means literally they can immediately start editing, as noted, like with an editable text field.
#
[tantek] not "edit if you take a bunch of steps, some of which may fail, if you happen to know/remember your username/password to another site" etc. etc.
#
capjamesg I will push back on that.
#
[tantek] the common practice I have seen is "This page/site is available on GitHub/GitLab" etc.
#
capjamesg Most of my public rel=edit links link to GitHub (i.e. on my playground to HTML files you can fork and edit).
#
[tantek] either "edit" is predictable to users or it is not
#
[tantek] yeah I think we are talking about a different kind of relation then
#
[tantek] like to "source" or to a "repo"
#
[tantek] then *that* destination can have *actual* edit link
#
capjamesg rel=source may also be useful.
#
tantek.com yes I was just looking for that
#
tantek.com in our chat archives because it sounds familiar like we have discussed it in the past for linking to the repo version of a page
#
[tantek] speaking of GitHub, they are also quite strict about this, to trwnh's question. i.e. if you are logged in, there is an enabled "edit" pencil icon that you can click and immediately start typing into a text area. if you are not logged in, there is a greyed out pencil that you can't click, and hovering over it ways "You must be signed in to make or propose changes."
#
capjamesg There are very few sites that are publicly editable in the way described.
#
capjamesg Wikipedia is one, but even then not all pages are publicly editable (i.e. if a page is protected).
#
[tantek] it's just about "publicly editable" it's about *any* page that the user can immediately start editing, without taking extra steps
#
[tantek] it's not* just about "publicly editable"
#
capjamesg Right. I actually discovered I couldn't edit certain pages on Wikipedia because my edit button didn't show up.
#
[tantek] exactly right! that's how it should be
#
[tantek] "edit" should really mean, the user can edit. not the user "might" be able to edit.
#
[tantek] predictable and dependable UI is friendly UI. unpredictable and inconssistent UI is unfriendly UI.
#
capjamesg You are making a good point. We now have another rel to define 🙃
#
capjamesg I have use cases for a more explicit rel=source.
#
[tantek] I am curious whether rel=source or rel=repository makes more sense given the use-cases from yourself and trwnh of linking to repos
#
[tantek] rel=source could also be confusing with rel=canonical
#
capjamesg rel=canonical type="application/source"?
#
[tantek] but it's not the canonical page as presented, it's very much an alternate view of the page
#
capjamesg Oops; rel=alternate.
#
capjamesg Actually no.
#
capjamesg rel=source-code?
#
capjamesg There are many sites that say "View source" on them; personal sites, code landing pages, software projects.
#
[tantek] maybe that's the next thing to collect is links to examples
#
[tantek] I wonder if we collected such examples in the past
#
capjamesg What is view source?
#
Loqi It looks like we don't have a page for "view source" yet. Would you like to create it? (Or just say "view source is ____", a sentence describing the term)
#
capjamesg 😭
#
[tantek] a-ha! http://microformats.org/wiki/source-brainstorming
#
capjamesg Brainstorming: There is a notable semantic distinction between "view source code" in terms of a HTML document versus a Git repo, etc.
#
[tantek] capjamesg, on that page, note the https://refresh-dc.org/ example, it says very close to what I noted above: "Source code available on GitHub."
#
[tantek] where the word "GitHub" links to the repo for the entire site, not just the home page
#
[tantek] here is an example that is more specific: https://w3c.github.io/png/Implementation_Report_3e/ has the text " This implementation report is on GitHub. " where GitHub links to a specific folder within the repo https://github.com/w3c/png/tree/main/Implementation_Report_3e
#
[tantek] there is quite a bit of difference between: (1) link to a whole repo (that the current document may be somewhere inside), (2) link to a specific folder in a repo (that the current document is one of the files directly inside), (3) link to the precise resource/blog inside the repo that represents the document
#
[tantek] we should try to collect examples and divide them up accordingly to see if there are any patterns
#
Loqi definitely
jbrr and Guest6 joined the channel
#
capjamesg Agreed. Maybe an IndieWeb wiki page for that?
#
capjamesg I have use cases for all three of those.
#
perryflynn good morning, question regarding indieauth: once in a while I have a "GET /token" request in my logs. I don't have implemented that and don't find any hint in the spec what this route should be used for. Should I implement "GET /token"?
#
doesnm who is perryflynn
#
doesnm did you have token endpoint defined?
#
perryflynn yep. website: https://serverless.industries/ the endpoints: https://intercom.serverless.industries/swagger/
#
perryflynn I have my own indieauth server. It also works great with multiple apps, since "POST /token" exists. but I don't know if I should have "GET /token" and what it should do.
#
doesnm https://indieweb.org/token-endpoint has GET /token mention
#
perryflynn aaaah. In the spec https://indieauth.spec.indieweb.org/ there is only the intospect endpoint mentioned for checking validity of a token. thanks!
PsyLok, balintm and jonnybarnes joined the channel
#
doesnm did IndiePass not support name and photo in searching or i do something wrong? https://s.h4ks.com/BXq.png
#
doesnm can't try with monocle and together because they mess with auth
#
nsmsn Responsive Web Design (the article) is 15 years old. https://philarcher.org/diary/2025/responsive-web-design/
#
nsmsn Here’s the original article, that launched thousands of redesigns: https://alistapart.com/article/responsive-web-design/
#
nsmsn [edit] Here’s the original article, that launched thousands of redesigns: https://alistapart.com/article/responsive-web-design/
Guest6, ttybitnik, [schmarty], GuestZero_, gRegor, GuestZero, jeremycherfas, [qubyte] and rolle joined the channel
#
[tantek] capjamesg, yeah I think we should figure out how to restructure the existing microformats wiki page and perhaps create a few more either there and/or on the indieweb wiki. Worth collecting both indieweb and non-indieweb examples
#
[tantek] part of the question is what to call it, like what are the essential aspects of such links? a project being open source? source code / materials being available? an implied encouragement to file issues or PRs?
#
[tantek] is it always a repository of some sort with revisions?
#
[tantek] maybe we start with a tentative name like "source-code" (since "source" is too generic for all the reasons given on the microformats brainstorming page) and collect examples there, and then figure out the clusters of specific meanings based on the examples gathered?
barnaby and balintm joined the channel
#
[tantek] some brainstorming here in chat (from espresso time)
#
[tantek] rel=code as a way to link to the code for a page
#
[tantek] rel=repository to link to the instance of a resource in a repository
#
[tantek] rel="code repository" to link to the code file for a page in a repository
#
[tantek] rel-directory is pre-existing, so we can use rel="directory repository" to link to the folder of the file for a page, in a repository
#
[tantek] rel-home and rel-root are also pre-existing, so we can use rel="repository root" (order doesn't matter) to link to the repository root (or home) for the file for the current page
#
[tantek] rel="edit repository" - links to the edit state of the file for the current page, in a repository so you can immediately start typing into the text area
#
[tantek] in contrast to say rel="edit" for when linking to the edit state locally on the page itself like on a MediaWiki install (Wikipedia etc.) that directly shows you a textarea to edit the page you are viewing
#
[tantek] related post from a while ago: https://tantek.com/2024/245/t1/read-write-suggest-edit-update-web
#
[tantek] and previously: https://tantek.com/2011/174/t1/read-fork-write-merge-web-osb11
#
Loqi [preview] [Tantek Çelik] ✏️ I want the Read Write Suggest-Edit Accept-Edit Update Web. The consumer Infinite Scroll Web leaves us feeling empty. Too few of us participate in the Read Write Web, whether with personal sites or Wikipedia. A week ago when we wrapped up #I...
#
Loqi [preview] [Tantek Çelik] The Read Write Web is no longer sufficient. I want the Read Fork Write Merge Web. #osb11 lunch table. #diso #indieweb
barnaby, jbrr, gRegor and [KevinMarks] joined the channel
#
[KevinMarks] I have linked from my page to the github page that allows editing and a PR, but I think that does need a gh account for the PR, though it may let you copy and export the source.
#
[tantek] [KevinMarks] can you share the from page so we can analyze which type of link it is? (link to top level repo, link to directory that the file is in, link directly to the file in the repo, link to the file in the repo in an editable state with an enabled textarea)
#
[KevinMarks] https://www.kevinmarks.com/twittereditsyou.html
#
[KevinMarks] Trying in incognito, I hit a login wall
#
Loqi [preview] Twitter Edits You 2022-04-06
#
[KevinMarks] https://github.com/kevinmarks/kevin-marks.com/edit/master/web/twittereditsyou.html
#
[tantek] ooh interesting that is a direct edit link and worked for me
#
[KevinMarks] TiddlyWiki is worth a look too
#
capjamesg This is an incredible tool: https://neatnik.net/view-source/
#
capjamesg [edit] This is an incredible tool: https://neatnik.net/view-source/
#
[tantek] tools << View Source on any page, e.g. on mobile: https://neatnik.net/view-source/
#
Loqi ok, I added "View Source on any page, e.g. on mobile: https://neatnik.net/view-source/" to the "See Also" section of /tools https://indieweb.org/wiki/index.php?diff=101669&oldid=101569
barnaby joined the channel
#
neatnik oh hey that’s my tool lol
#
neatnik it’s long overdue for some updates. I should make it a PWA, too
#
capjamesg neatnik I would _love_ CSS support!
#
capjamesg And JSON too.
#
capjamesg I have wanted good code viewing tools for web pages on mobile for so long!
#
neatnik I’ll see what I can do 😊
#
capjamesg neatnik++
#
Loqi neatnik has 1 karma in this channel over the last year (3 in all channels)
#
Loqi neatnik has 2 karma in this channel over the last year (4 in all channels)
#
[tantek] neatnik++
barnaby joined the channel