Week of June 14, 2009 - June 20, 2009

Canning Spam


You may have noticed a few weekends ago some spammers at Cafe were putting up entries which were redirecting you to their sites as soon as you landed on certain TPM pages. This kind of attack (called cross-site scripting) uses JavaScript to take command of the browser for malicious ends. To combat that, while we were developing a fix, we disabled self-registration and asked users to email us if they wanted to start an account. That way we could make sure bots weren't signing up and injecting harmful code into Cafe pages.

Last night we deployed a security fix that will prevent these kinds of attacks by stripping out certain HTML tags from entries, such as the <script> tag. We're also stripping out the <style> tag, which can alter the legibility and structure of the site. These changes won't affect the majority of users, but please be advised that if certain tags "disappear" from your entries on save, this is what is going on.

Another note -- we have elected to whitelist tags that allow embedding videos. Though this allows a high level of freedom (and a certain amount of risk), we felt that sharing videos was an integral part of TPMCafe discussion. If these tags are abused, however, we may have to reconsider.

Please let me know if you see anything funky by emailing me at al@ this domain. Thanks.
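
The tag stripping and the embed whitelist described above can be sketched as an allowlist filter. This is an added example, not TPM's code: the tag and attribute lists, the http(s)-only URL rule and the names `sanitize` and `EntrySanitizer` are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (the post lists no tags): basic formatting plus <embed> for video.
ALLOWED = {"p": (), "br": (), "b": (), "i": (), "em": (), "strong": (),
           "blockquote": (), "a": ("href",),
           "embed": ("src", "type", "width", "height")}
DROP_WITH_CONTENT = {"script", "style"}  # the two tags the post names
VOID = {"br", "embed"}                   # emitted without a closing tag

def safe_attr(name, value):  # URL attributes must be absolute http(s)
    return name not in ("href", "src") or value.strip().lower().startswith(
        ("http://", "https://"))

class EntrySanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self.skipping = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping += 1        # discard everything up to the end tag
            self.removed.append(tag)
        elif not self.skipping and tag in ALLOWED:
            kept = "".join(' %s="%s"' % (k, escape(v or "")) for k, v in attrs
                           if k in ALLOWED[tag] and safe_attr(k, v or ""))
            self.out.append("<%s%s>" % (tag, kept))
        elif not self.skipping:
            self.removed.append(tag)  # unknown tag dropped, its text kept

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in ALLOWED and tag not in VOID:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))

def sanitize(entry_html):
    parser = EntrySanitizer()
    parser.feed(entry_html)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample entry, not taken from the site.
SAMPLE = ('<p onclick="x()">Hi</p><script>location="http://spam.example/"</script>'
          '<embed src="http://video.example/v.swf"><a href="javascript:void(0)">x</a>')
```

The second return value lists the tags that were dropped, which a save handler could show to the author so that "disappearing" tags are explained.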

Al Shaw
