On 27-Jul-09, at 1:21 PM, Craig Andrews wrote:
I just tried out htmLawed (same idea as tidy or HTML_Safe) and ran
into an
issue. As you said, these filtering libraries tend to take out
'object'
and 'embed.' So I whitelisted those tags. The problem is that
'object' is
valid xhtml, but 'embed' is not. So if we whitelist them, the
result is
not valid xhtml, and we're right back where we started.
oohembed returns <object> and <embed> tags for youtube, but you can
express the video as <object> without <embed>, therefore producing
valid
xhtml. Since oohembed is Free, we can patch it. But, many other oembed
supporting sites will still produce invalid xhtml, and we cannot
possibly
fix them all.
I might be being dumb here, but couldn't you whitelist <object> and
not <embed>?
Then the fixup library will take out <embed> like we want and leave
in <object>?
_______________________________________________
Laconica-dev mailing list
[email protected]
http://mail.laconi.ca/mailman/listinfo/laconica-dev
