- From: Michael[tm] Smith <mike@w3.org>
- Date: Sun, 22 Jul 2018 11:19:28 +0900
- To: Hugo Van Aelst <hugovanaelst@gmail.com>
- Cc: www-validator@w3.org
Received on Sunday, 22 July 2018 02:19:52 UTC
Hi Hugo, Hugo Van Aelst <hugovanaelst@gmail.com>, 2018-07-19 23:07 +0200: > Archived-At: <https://www.w3.org/mid/CABA1Tmv7=Rt3pLK7i6LYX0RLwL_QQo66_4Byh3n_ViKPapgnzA@mail.gmail.com> > > Hello, > > Password protected pages can't been validated by the *NU HTML CHECKER*. Yeah, that’s by design. Because in order for the checker to be able to access the password-protected page, you need to expose your password to the checker backend. Which means that I or anyone else who has admin access to the backend can see your password and use it without your knowledge to gain access to the page — or I could even pass it on to a bunch of other people so that they could all gain access to the page. > http://www.hugova.be/issue-html-checker/ > > The old *W3C HTML Validator* was always working correctly. It’s not working correctly. The fact that it allows checking of password- protected pages is security bug, not a feature -- Michael[tm] Smith https://people.w3.org/mike
Received on Sunday, 22 July 2018 02:19:52 UTC