
>Nobody ever talks about why this was bad for the world.

Stop just a minute there. Who says that random people copy pasting CSS and HTML they don't understand is even a good thing? Let's be clear, 99% of people don't understand that stuff, it's just copy pasting.

If you want a glitter blog, then launch a blog with that option. But letting people do it themselves just adds risk to themselves they'll never understand.

Edit: to be clear, if you said pasting <script>alert(911)</script> can be used to call the cops from your computer, then 99% of people would assume that's what it did until they tried it. 99% of people are not coders and it might as well be a foreign language they are pasting into Google Translate to see what it means. If it happened to contain JS, well, too late. See the warnings in the FB JS console for a reminder that people are gullible and will copy paste anything they are told to.



To be fair, lots of random people (myself included) `npm install`'ing things they don't understand but seem to do the trick has generally been a good thing.

Or, at least there have been far fewer incidents of that blind trust spectacularly blowing up than the pitchfork mobs about to come after this comment might lead you to expect. Perhaps you might say that npm users at least understand the risks we take on when we do it, but I still don't think most npm users give it all that much thought...


How is CSS and HTML with no JavaScript and okay, no frames, risky?


>no JavaScript

>no frames

I think you are remembering. In the blog screenshot of MySpace, when it says "Javascript is not allowed", it was acting as "a sign, not a cop" [0]. Most websites were riddled with security flaws, to the point that you'll find there wasn't really any comprehensive listing of major vulnerabilities in websites because people didn't really understand that an XSS was a problem until someone actually used it in an attack. This example from 2005 shows that their security to prevent JS was sorely lacking.

[0] https://en.wikipedia.org/wiki/Samy_(computer_worm)


Hotlinked images can be replaced with whatever the host desires, so you might have cats today, goatse tomorrow.



