- From: olivier Thereaux <ot@w3.org>
- Date: Tue, 4 Sep 2007 10:23:57 +0900
- To: jczt31e02@sneakemail.com
- Cc: www-validator@w3.org
Hello, dear anonymous writer. On Sep 3, 2007, at 14:08 , jczt31e02@sneakemail.com wrote: > With that said, please consider my concerns that there could be an > exploitable problem with the latest version of the on-line > validator which could cause an unscrupulous website to create a > link to the Markup Validation Service. Validator results could be > crafted to display misleading content. Right, if someone declares that the doctype of a document is "I am a walrus", then the validator will report that the document declared to be "the walrus" and that the document did not validate. > As mentioned, it is extremely easy to do this and I am concerned > that it could be a potential embarrassment, in the very least, to > the fine work that the W3C does. It could be used for Spamming, > pointing to malicious code and other nefarious practices. Well, at least as far as I can tell there is no way to "inject" a link, just some text, and yes, that text can be as stupid as humanity allows it, that is, infinitely. I'm not sure what to do with your "bug" report here. It feels as though its use will be mostly to give bad ideas to idiots, and as far as "fixing" the validator is concerned, I'm not sure what to do. Maybe we could limit the length of the string that is displayed... Any idea from everyone on the list? -- olivier
Received on Tuesday, 4 September 2007 01:24:02 UTC