Re: HTMLPurifier - Standard Compliant HTML Filtering



Ambush Commander:

HTMLPurifier is a new PHP library that filters HTML so that not only is
XSS thwarted, but the resulting HTML is standards-compliant!

Do you mean standards compliant, valid or something else? If you mean
standards compliant - assuming that that includes HTML - you would have
to assign meanings to all the ambiguous clauses of the HTML4.01 spec
(strictly speaking, all of them). If you mean valid, you would have to
guess or somehow infer what any invalid markup was intended to mean
before you could sort it.

--
Jock
