» The Blog has Ears #
I opened up comments about a week ago on a provisional basis, and after fixing a couple of issues with ordering (and writing some unit tests), it should be good for general consumption.
A few design choices with the motivation behind them:
- No CAPTCHA, AJAX-only forms, or other silliness to keep out the spammers, since those approaches don't really work and effectively punish the user instead of the spammers. In its place, moderation and a one-off platform that offers security through obscurity will have to do for starters. If things become a problem, I'd prefer a Bayesian approach anyway.
- Comment formatting is provided through a simplistic macro language that's similar to the kind of markup supported in comments on Reddit. I thought about attempting to sanitize HTML or XHTML, but I wanted rigid limits on the types of formatting available and on the XHTML eventually stored in a comment and served in page views or feeds.
- Unapproved comments use a separate internal channel and persistence mechanism, so other than request routing, spammers won't impair the experience for legitimate users.