- From: Hugo Van Aelst <hugovanaelst@gmail.com>
- Date: Mon, 23 Jul 2018 13:39:45 +0200
- To: "Michael[tm] Smith" <mike@w3.org>
- Cc: www-validator@w3.org
Received on Monday, 23 July 2018 11:40:21 UTC
Thanks a lot for your quick answer Op zo 22 jul. 2018 04:19 schreef Michael[tm] Smith <mike@w3.org>: > Hi Hugo, > > Hugo Van Aelst <hugovanaelst@gmail.com>, 2018-07-19 23:07 +0200: > > Archived-At: < > https://www.w3.org/mid/CABA1Tmv7=Rt3pLK7i6LYX0RLwL_QQo66_4Byh3n_ViKPapgnzA@mail.gmail.com > > > > > > Hello, > > > > Password protected pages can't been validated by the *NU HTML CHECKER*. > > Yeah, that’s by design. Because in order for the checker to be able to > access the password-protected page, you need to expose your password to the > checker backend. Which means that I or anyone else who has admin access to > the backend can see your password and use it without your knowledge to gain > access to the page — or I could even pass it on to a bunch of other people > so that they could all gain access to the page. > > > http://www.hugova.be/issue-html-checker/ > > > > The old *W3C HTML Validator* was always working correctly. > > It’s not working correctly. The fact that it allows checking of password- > protected pages is security bug, not a feature > > -- > Michael[tm] Smith https://people.w3.org/mike >
Received on Monday, 23 July 2018 11:40:21 UTC