
Re: Sanitising HTML content through sandboxing

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 10 Nov 2011 15:16:54 -0800
Message-ID: <CAJE5ia_qvLZW5+JWRgKBh2mchitoYmpOPe+1eWaD4ebyutWf+g@mail.gmail.com>
To: Ryan Seddon <seddon.ryan@gmail.com>
Cc: Henri Sivonen <hsivonen@iki.fi>, public-webapps@w3.org

On Thu, Nov 10, 2011 at 3:05 PM, Ryan Seddon <seddon.ryan@gmail.com> wrote:
>> DOMParser.parseFromString already takes a content type as the second
>> argument. The plan is to support HTML parsing when the second argument
>> is text/html.
>
> I quite like this as it keeps it agnostic towards what it is parsing so
> other formats like MathML and SVG won't look out of place with HTMLParser
> object.
>
> How would this handle sanitising?

The web page could walk the parsed DOM and sanitize it however it
liked before adopting the nodes from the detached document into its
own document.

Adam
Received on Thursday, 10 November 2011 23:23:32 GMT
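
The approach described in the reply above (parse into a detached document, walk and sanitize it, then adopt the nodes), as an added example that is not part of the original message or of any browser's code. The function names `sanitizeChildren` and `sanitizeInto` and the tag, attribute and URL allowlists are assumptions chosen for illustration.

```javascript
// Added example. The allowlists below are illustrative policy, not from the thread.
const XHTML_NS = 'http://www.w3.org/1999/xhtml';
const ALLOWED_TAGS = new Set(['a', 'b', 'i', 'em', 'strong', 'p', 'br',
  'ul', 'ol', 'li', 'blockquote', 'code', 'pre']);
const ALLOWED_ATTRS = { a: new Set(['href', 'title']) };
const SAFE_URL = /^(?:https?:|mailto:)/i; // absolute URLs with known schemes only
const ELEMENT_NODE = 1, TEXT_NODE = 3;

// Walk the subtree under `parent`, removing everything not on the allowlist.
function sanitizeChildren(parent) {
  // Copy the live child list first: the loop removes nodes as it goes.
  for (const child of Array.from(parent.childNodes)) {
    if (child.nodeType === TEXT_NODE) continue;
    const keep = child.nodeType === ELEMENT_NODE &&
      child.namespaceURI === XHTML_NS &&       // no SVG/MathML elements
      ALLOWED_TAGS.has(child.localName);
    if (!keep) {                               // comments, <script>, <svg>, ...
      parent.removeChild(child);               // drops the whole subtree
      continue;
    }
    const allowed = ALLOWED_ATTRS[child.localName] || new Set();
    for (const attr of Array.from(child.attributes)) {
      const ok = allowed.has(attr.name) &&
        (attr.name !== 'href' || SAFE_URL.test(attr.value.trim()));
      if (!ok) child.removeAttribute(attr.name); // on*, style, javascript: hrefs
    }
    sanitizeChildren(child);
  }
  return parent;
}

// Parse untrusted markup into a detached document, sanitize it there, and
// only then adopt the surviving nodes into the page's own document.
function sanitizeInto(html, target, parser = new DOMParser()) {
  const doc = parser.parseFromString(html, 'text/html');
  sanitizeChildren(doc.body);
  for (const child of Array.from(doc.body.childNodes)) {
    target.appendChild(target.ownerDocument.adoptNode(child));
  }
  return target;
}
```

Because the surviving nodes are adopted rather than serialized back to a string, the sanitized tree is never parsed a second time.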
