Re: In-browser sanitization vs. a “Safe Node” in the DOM from Chris Palmer on 2016-01-22 (public-webappsec@w3.org from January 2016)

From: Chris Palmer <palmer@google.com>
Date: Fri, 22 Jan 2016 14:34:40 -0800
To: David Ross <drx@google.com>
Cc: Jim Manico <jim.manico@owasp.org>, Crispin Cowan <crispin@microsoft.com>, Craig Francis <craig.francis@gmail.com>, Conrad Irwin <conrad.irwin@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAOuvq223jRu95yhrFcp=hGkO6dkQUXTGv1BaUjE=L_9OPKVTgA@mail.gmail.com>

On Fri, Jan 22, 2016 at 2:30 PM, David Ross <drx@google.com> wrote:

What I mean is that I have not seen a (non-niche) use case for
> browser-based sanitization that Safe Node doesn't address.  It sounds
> like maybe you're saying that this is a huge problem, but if so what
> is the missing use case that Safe Node doesn't cover?
>

What if I just want to filter arbitrary user input before storing it in
LocalStorage for retrieval and use later? Or filter it to minify it, or the
like.

Received on Friday, 22 January 2016 22:35:09 UTC