W3C home > Mailing lists > Public > www-validator@w3.org > November 2015

Re: What happens to the uploaded files

From: Michael[tm] Smith <mike@w3.org>
Date: Sun, 8 Nov 2015 20:39:47 +0900
To: Jean Sprimont <jean.sprimont@gmail.com>, Adam Koermendi <Adam.Koermendi@r2protec.de>
Cc: www-validator@w3.org, David Dorward <david@dorward.me.uk>
Message-ID: <20151108113947.GR7956@sideshowbarker.net>
Adam Koermendi <Adam.Koermendi@r2protec.de>, 2015-10-30 08:24 +0100:
> Archived-At: <http://www.w3.org/mid/E1Zs45l-00018C-U9@maggie.w3.org>
>  
> I have been trying to use your validator for some HTMLs I am making for
> the company I am working for. Problem is if I direct the validator to the
> server I am running I cannot get past my login page due to some password
> protection I have implemented. 
> 
> So in order to check my HTMLs I either need to rewrite my server
> security, or I need to upload the files. 
> 
> My question is what do you do with the uploaded files? Do you keep them
> or do they get deleted shortly after uploading them to the tool?

We do nothing with them other than reading them a single time and
essentially discarding them. The HTML checker backend has no means at all
for persistently storing anything on the server side. When you use the file
-upload or textarea-input mechanisms, the validator parses the input once
and then just exposes it as a series of parse events to the rest of the
code. The original document source is lost as soon as the parser is done
parsing it.

David Dorward <david@dorward.me.uk>, 2015-11-01 21:17 +0000:
> Archived-At: <http://www.w3.org/mid/3337CD9E-E2EE-4F62-AFF8-60122887ADB5@dorward.me.uk>
> The source code is available if you want to audit it to find out —
> https://github.com/validator/validator/ — or you could just take that
> source code and run your own local copy of the validator and not put your
> private data near third party servers in the first place. 

David is right. If you’re concerned about exposing confidential information
to any third-party remote services, then you shouldn’t send anything to a
third-party remote service like the W3C HTML checker.


-- 
Michael[tm] Smith https://people.w3.org/mike

Received on Sunday, 8 November 2015 11:40:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 14:18:14 UTC