- From: Ville Skyttä <ville.skytta@iki.fi>
- Date: 16 Jul 2003 22:10:27 +0300
- To: www-validator@w3.org
On Wed, 2003-07-16 at 11:58, Jordan Gordeev wrote: > I think that validating sites on IP addresses, which are not globally > valid(IPs used only on > LANs or as loopback addresses), should be > forbidden as this might cause confusion to users of the validator that > accidentally enter invalid IP addresses and might > lead to security isues with people trying to steal information from the > W3C network. Agreed; the following comment (by yours truly) has been in the validator source code for some time now, but nobody has picked up the task yet: # @@@FIXME@@@: # Disable checking if the URI is local (or private) for security reasons, # or at least make it configurable to do so. Flat out refusing to validate anything from these addesses is not an option; I bet one of the top reasons to download and install a local instance of the Validator is to be able to validate documents that the public one at validator.w3.org can't access. I'll try to look into this. Thanks for the feedback, -- \/
Received on Wednesday, 16 July 2003 15:10:30 UTC