Re: In-browser sanitization vs. a “Safe Node” in the DOM

From: Chris Palmer <palmer@google.com>
Date: Fri, 22 Jan 2016 14:34:40 -0800
Message-ID: <CAOuvq223jRu95yhrFcp=hGkO6dkQUXTGv1BaUjE=L_9OPKVTgA@mail.gmail.com>
To: David Ross <drx@google.com>
Cc: Jim Manico <jim.manico@owasp.org>, Crispin Cowan <crispin@microsoft.com>, Craig Francis <craig.francis@gmail.com>, Conrad Irwin <conrad.irwin@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

On Fri, Jan 22, 2016 at 2:30 PM, David Ross <drx@google.com> wrote:

> What I mean is that I have not seen a (non-niche) use case for
> browser-based sanitization that Safe Node doesn't address.  It sounds
> like maybe you're saying that this is a huge problem, but if so what
> is the missing use case that Safe Node doesn't cover?

What if I just want to filter arbitrary user input before storing it in
LocalStorage for retrieval and use later? Or filter it to minify it, or the

Received on Friday, 22 January 2016 22:35:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC