On Fri, Nov 22, 2002 at 03:03:08PM -0800, Ian Clarke wrote: > > Are they? The safest thing is certainly to block anything we don't > > understand. > > True, ideally we should be using something like JTidy to parse the HTML > to XML, then filter it, then spit it out to the browser. The JTidy jar > is 142k, but this will slow things down. Additionally, I think JTidy > relies on the XML stuff in post-1.1 versions of Java. No, actually it doesn't. But it certainly could be a CPU drain on slower machines. Then again, its only going to be a couple of seconds and only for user-initiated browsing.
Scott
msg05606/pgp00000.pgp
Description: PGP signature
