On Fri, Nov 22, 2002 at 06:39:07PM -0800, Scott Miller wrote:
> On Fri, Nov 22, 2002 at 03:03:08PM -0800, Ian Clarke wrote:
> > > Are they? The safest thing is certainly to block anything we don't
> > > understand.
> > 
> > True, ideally we should be using something like JTidy to parse the HTML 
> > to XML, then filter it, then spit it out to the browser.  The JTidy jar 
> > is 142k, but this will slow things down.  Additionally, I think JTidy 
> > relies on the XML stuff in post-1.1 versions of Java.
> No, actually it doesn't.  But it certainly could be a CPU drain on
> slower machines.  Then again, it's only going to be a couple of seconds
> and only for user-initiated browsing.
Yeah. Security trumps usability on hardware that is three generations
out of date. As always.
> 
>       Scott



-- 
Matthew Toseland
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03
http://freenetproject.org/
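
The default-deny filtering discussed in this thread (block anything not understood; parse, filter, re-emit), as an added example that is not part of the original e-mail or Freenet's code. It uses Python's standard `html.parser` rather than JTidy, and the tag allowlist, link policy and sample markup are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist (tag -> permitted attributes); anything absent is blocked.
ALLOWED = {"a": {"href"}, "p": set(), "b": set(), "i": set(), "em": set(),
           "ul": set(), "ol": set(), "li": set(), "br": set(), "pre": set()}
VOID = {"br"}                       # tags that take no closing tag
DROP_CONTENT = {"script", "style"}  # the text inside these is discarded too
# Assumed link policy: http(s), site-relative paths and fragments only.
SAFE_HREF = re.compile(r"(?:https?://|/|#)[A-Za-z0-9\-._~/?#=&%+:@,;]*")
SAMPLE = '<p onclick="x()">Hi <blink>all</blink><script>x()</script></p>'  # constructed

class DefaultDenyFilter(HTMLParser):
    """Re-emits allowlisted markup only; comments, doctypes and PIs hit base-class no-ops."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return
        kept = "".join(
            f' {n}="{escape(v, quote=True)}"' for n, v in attrs
            if n in ALLOWED[tag] and v is not None
            and (n != "href" or SAFE_HREF.fullmatch(v)))
        self.out.append(f"<{tag}{kept}>")
        if tag not in VOID:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            i = len(self.open_tags) - 1 - self.open_tags[::-1].index(tag)
            self.out += [f"</{t}>" for t in reversed(self.open_tags[i:])]  # close inner tags first
            del self.open_tags[i:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def filter_html(markup):
    f = DefaultDenyFilter()
    f.feed(markup)
    f.close()
    return "".join(f.out) + "".join(f"</{t}>" for t in reversed(f.open_tags))
```

Because the output is rebuilt from parsed events instead of being edited in place, unknown tags, event-handler attributes and unparseable fragments never reach the browser unless the allowlist names them.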
