On Fri, Nov 22, 2002 at 06:39:07PM -0800, Scott Miller wrote:
> On Fri, Nov 22, 2002 at 03:03:08PM -0800, Ian Clarke wrote:
> > > Are they? The safest thing is certainly to block anything we don't
> > > understand.
> >
> > True, ideally we should be using something like JTidy to parse the HTML
> > to XML, then filter it, then spit it out to the browser. The JTidy jar
> > is 142k, but this will slow things down. Additionally, I think JTidy
> > relies on the XML stuff in post-1.1 versions of Java.
> No, actually it doesn't. But it certainly could be a CPU drain on
> slower machines. Then again, it's only going to be a couple of seconds
> and only for user-initiated browsing.
Yeah. Security trumps usability on hardware that is three generations
out of date. As always.
>
> Scott
-- 
Matthew Toseland
toad at amphibian.dyndns.org
amphibian at users.sourceforge.net
Freenet/Coldstore open source hacker.
Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03
http://freenetproject.org/
