- From: Edward Z. Yang <edwardzyang@thewritingpot.com>
- Date: Mon, 15 Dec 2008 16:06:16 -0500
Ian Hickson wrote:
> I don't really see why a sanitiser needs extensibility though. Could you
> elaborate on this? Surely you just want to filter anything that isn't
> valid or safe, and only leave the valid safe stuff, using a whitelist.

In theory, I could write separate sanitizers for HTML 4, XHTML 1.0, XHTML 2.0, HTML 5, etc. In practice, I want to reuse as much code as possible between these cases, since I'm a lazy developer. Perhaps "extensibility" is not the right word here; it's more like "reusability" of components.

A side-note: something we've been looking into is bolting on extensions to the HTML language. A user might write something in HTML 5, but the website is in HTML 4, so the sanitizer converts the HTML 5 into a more ugly but functional HTML 4 version, and returns that. The future, today!

Cheers,
Edward
Received on Monday, 15 December 2008 13:06:16 UTC
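The reuse discussed in this message, sketched as an added example (not code from either participant or from any sanitizer project): one whitelist engine shared by two doctype definitions, with an HTML 5 element converted to an HTML 4 equivalent. The names `CORE`, `DOCTYPES`, `Sanitizer` and `sanitize`, the tiny whitelist and the `section` to `div` mapping are all assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed, deliberately small whitelist shared by all doctypes: element -> allowed attributes.
CORE = {"p": set(), "em": set(), "strong": set(), "div": {"class"}, "a": {"href"}}
# Hypothetical doctype definitions: each reuses CORE and states only its differences.
DOCTYPES = {
    "html5": {"allowed": {**CORE, "section": set()}, "convert": {}},
    "html4": {"allowed": CORE, "convert": {"section": ("div", {"class": "section"})}},
}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")
DROP_CONTENT = {"script", "style"}  # the text inside these is discarded too

class Sanitizer(HTMLParser):
    def __init__(self, doctype):
        super().__init__(convert_charrefs=True)
        self.rules = DOCTYPES[doctype]
        self.out, self.open, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        name, forced = self.rules["convert"].get(tag, (tag, {}))
        allowed = self.rules["allowed"]
        if self.skip or name not in allowed:
            return  # not whitelisted: drop the tag, keep any text inside it
        kept = {k: v for k, v in attrs if k in allowed[name] and v is not None}
        if "href" in kept and not kept["href"].strip().lower().startswith(SAFE_URL_PREFIXES):
            del kept["href"]
        kept.update(forced)  # attributes the conversion itself supplies
        self.out.append(f"<{name}" + "".join(f' {k}="{escape(v)}"' for k, v in kept.items()) + ">")
        self.open.append(name)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        name = self.rules["convert"].get(tag, (tag, {}))[0]
        while name in self.open:  # close up to and including the match
            top = self.open.pop()
            self.out.append(f"</{top}>")
            if top == name:
                break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(html, doctype):
    s = Sanitizer(doctype)
    s.feed(html)
    s.close()
    return "".join(s.out + [f"</{t}>" for t in reversed(s.open)])
```

Only the `DOCTYPES` entries differ between targets; the filtering, URL check and tag balancing are written once, and output is always rebuilt from the whitelist rather than by deleting known-bad input.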