Re: [Wikitext-l] HTML security

21 Nov 2007


      On Thu, Nov 22, 2007 at 04:35:56PM +1100, Steve Bennett wrote:
...
On 11/22/07, Jay R. Ashworth jra@baylink.com wrote:
...
My opinion is that each block of code should do it's think, and no one
else's thing.  DJB's a whackjob, but on this point, he hews correctly
to those who created this OS we pray to daily...
That doesn't help. Is parsing &foo; a parser "thing" or a
clean/tidy/secure HTML "thing"?
That depends on what you're parsing it for.
If you're parsing it to decide to drop it because you think it's
unsafe, I would say that a post-parser tidy pass should do it.
Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

         Witty slogan redacted until AMPTP stop screwing WGA

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: [Wikitext-l] HTML security