[whatwg] Stability of tokenizing/dom algorithms

From: James Graham <jgraham@opera.com>
Date: Mon, 15 Dec 2008 11:07:23 +0100
Message-ID: <49462C5B.2050909@opera.com>

Edward Z. Yang wrote:
> The reason I'd like to know this is because I am the author of a tool
> named HTML Purifier, which takes user-input HTML and cleans it for
> standards-compliance as well as XSS. We insist on output being standards
> compliant, because the result is unambiguous.
>   

Nothing in section 8 is going to ensure that you get output that passes 
a conformance check. If you do transform the output into something that 
is conforming then you have to make up the rules yourself so you have 
just shifted the ambiguity from the client (where it will hopefully 
disappear in a few years once the HTML5 algorithm has large-scale 
adoption) to the sanitizer implementation.
Received on Monday, 15 December 2008 02:07:23 UTC
