- From: Karl Dubost <karl@w3.org>
- Date: Wed, 26 Feb 2003 08:11:16 -0500
- To: public-evangelist@w3.org
Hi, I'll be interested to know the list of tools which are OPEN SOURCE and helps people to validate (not only HTML) and maintain the quality of their Web sites. Example: http://simon.incutio.com/archive/2003/02/23/safeHtmlChecker *************************** I've finally enabled a subset of HTML in my comments. In doing so, I had several requirements that needed to be fulfilled: 1. Entered markup must be valid to XHTML strict, to stop comments form breaking validation and keep things nice and tidy. 2. No presentational markup! I want to maintain control over how things look via my stylesheets - comments posted should only be able to use structural HTML elements. 3. Attributes should be restricted to those that add semantic meaning. Javascript event attributes and CSS related attributes should not be allowed. 4. I should retain full control over the tags and attributes allowed in the comments. 5. Submitted HTML must be kept free from anything that could pose a security risk, such as javascript: URLs. The system I have implemented works by running submitted posts through an XML parser, which checks that each element is in my list of allowed elements, is nested correctly (you can't put a blockquote inside a p for example) and doesn't have any illegal attributes. My initial test have shown it to work pretty well, but if anyone wants to have a go at breaking it please, be my guest. The code for the main class is available here: SafeHtmlChecker.class.php -- Karl Dubost / W3C - Conformance Manager http://www.w3.org/QA/ --- Be Strict To Be Cool! ---
Received on Wednesday, 26 February 2003 08:13:36 UTC