[Wikitext-l] HTML security
Jay R. Ashworth
jra at baylink.com
Thu Nov 22 03:52:33 UTC 2007
On Thu, Nov 22, 2007 at 02:34:27PM +1100, Steve Bennett wrote:
> Would the developers (or users, for that matter) be likely to trust a
> pure parser solution? It seems to me that it's a lot easier simply to
> scan the resulting output looking for bad bits, than it is to attempt
> to predict and block off all the possible routes to producing nasty
> code.
My opinion is that each block of code should do it's think, and no one
else's thing. DJB's a whackjob, but on this point, he hews correctly
to those who created this OS we pray to daily...
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Witty slogan redacted until AMPTP stop screwing WGA
More information about the Wikitext-l
mailing list