StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1690651
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2009-11-06T21:40:27.283
FavoriteCount
0
LastActivityDate
2012-04-08T09:05:26.630
LastEditDate
2012-04-08T09:05:26.630
LastEditorUserId
934739
OwnerUserId
14048
ParentId
1690601
PostTypeId
2
Score
6
ViewCount
0
LastEditorDisplayName
text
Body
There are two issues with what you've proposed: <ol> <li>I don't see a way for your users to be able to format posts. You took advantage of Markdown to provide nice numbered lists, for example. In the proposed no-tags-no-exceptions world, I'm not seeing how the end user would be able to do such a thing.</li> <li>Considerably more important: When using Markdown as the "native" formatting language, and whitelisting the other available tags,you are limiting not just the input side of the world, but the output as well. In other words, if your display engine expects Markdown and only allows whitelisted content out, even if (God forbid) somebody gets to the database and injects some nasty malware-laden code into a bunch of posts, the actual site and its users are protected because you are sanitizing it upon display, as well.</li> </ol> There are some good resources on the web about output sanitization: <ul> <li><a href="http://www.diovo.com/2008/09/sanitizing-user-data-how-and-where-to-do-it/" rel="noreferrer">Sanitizing user data: Where and how to do it</a></li> <li><a href="http://www.analyticalengine.net/2008/09/output-sanitization/" rel="noreferrer">Output sanitization</a> (One of my clients, who shall remain nameless and whose affected system was not developed by me, was hit with this exact worm. We have since secured those systems, of course.)</li> <li><a href="http://www.biztechmagazine.com/article.asp?item_id=159" rel="noreferrer">BizTech: Best Practices: Never heard of XSS?</a></li> </ul>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POMarkdown and XSS
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USGerard Roche
UserOwnerUserId
1. USJohn Rudy
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTApproveEditSuggestion
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COAs for point #1, I think you misunderstood OP. You would still use Markdown-style numbered lists, no problem, because the HTML tag removal would happen *before* Markdown converted `1. Foo` into `<li>Foo</li>`.
 singulars
 PostPostId
 PO
 UserUserId
 USAlan H.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.