W3C home > Mailing lists > Public > www-validator@w3.org > September 2007

Re: XHTML 1.1 validation accepts additional content

From: olivier Thereaux <ot@w3.org>
Date: Tue, 4 Sep 2007 10:23:57 +0900
Message-Id: <20DCB9CB-CF35-42EE-8853-5175FC6F476E@w3.org>
Cc: www-validator@w3.org
To: jczt31e02@sneakemail.com

Hello, dear anonymous writer.

On Sep 3, 2007, at 14:08 , jczt31e02@sneakemail.com wrote:
>  With that said, please consider my concerns that there could be an  
> exploitable problem with the latest version of the on-line  
> validator which could cause an unscrupulous website to create a  
> link to the Markup Validation Service. Validator results could be  
> crafted to display misleading content.

Right, if someone declares that the doctype of a document is "I am a  
walrus", then the validator will report that the document declared to  
be "the walrus" and that the document did not validate.

> As mentioned, it is extremely easy to do this and I am concerned  
> that it could be a potential embarrassment, in the very least, to  
> the fine work that the W3C does. It could be used for Spamming,  
> pointing to malicious code and other nefarious practices.

Well, at least as far as I can tell there is no way to "inject" a  
link, just some text, and yes, that text can be as stupid as humanity  
allows it, that is, infinitely.

I'm not sure what to do with your "bug" report here. It feels as  
though its use will be mostly to give bad ideas to idiots, and as far  
as "fixing" the validator is concerned, I'm not sure what to do.  
Maybe we could limit the length of the string that is displayed...

Any idea from everyone on the list?

-- 
olivier
Received on Tuesday, 4 September 2007 01:24:02 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 10 December 2014 20:08:59 UTC