Posted by Ambush Commander on 08/20/06 17:57

John Dunlop wrote:
 > I don't mean to sound rude, but what is this 'something'?  How do you
 > know when you come across an error what was originally meant?  Do you
 > flag the error and ask the user what they meant?
 
 No, we just mangle it and hope the user notices. :-P  Error logging and
 feedback is a feature I'd like to implement soon.
 
 > I don't believe there is any program today that can check conformance
 > to the HTML spec.  Machines have no understanding of the prose of the
 > spec.
 
 But the /programmer/ can.  I manually went through the HTML and CSS
 specs and hand-picked the elements, attributes and properties that
 would be acceptable from an untrusted user in a rich text environment.
 And then hand-coded their definitions.
 
 > Your program, from what I gather, checks validity and a
 > selection of other criteria that you have chosen:  a linter with built
 > in validator.
 
 Hmm... I don't see how that's much different from a filter.  It won't
 "fix" an excessive use and duplication of inline styles.  It can't
 figure out that a user is abusing a certain tag for a different
 meaning.  But it will make a document conform in the eyes of the W3C
 validator, and it will block XSS attempts (by virtue of its whitelist
 nature).
 
 I feel like a salesperson trying to "sell" a product.  Please feel free
 to ask more questions.