On Fri, Mar 27, 2009 at 8:51 AM, Daniel Cheng <[email protected]> wrote:
> On Fri, Mar 27, 2009 at 8:45 AM, Juiceman <[email protected]> wrote:
> [...]
>>
>> Would Google Caja be useful at all? http://code.google.com/p/google-caja/
>>
>
> Sure. This saves a lot of work.
> But we still have to duplicate lots of code in JavaScript, that is:
>

aruug.. Google Caja has links to something really interesting:

http://code.google.com/p/google-caja/issues/detail?id=614
http://www.cs.berkeley.edu/~daw/teaching/cs261-f08/hws/hw1sol.html
http://www.brettle.com/NeatHtml/docs/Fighting_XSS_with_JavaScript_Judo.html
http://www.feedparser.org/docs/html-sanitization.html

Some of them are exploiting the academic interpretation of SGML, which I am not aware any real browser supports. The "hard" stuff is the backward-compatibility hacks, not the features written in b&w.

>> > Either we have to code an HTML filter in JavaScript,
>> > call back to server, or we end up with something too tight.

_______________________________________________
Devl mailing list
[email protected]
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
