On 13.10.2017 11:01, Jonas Wielicki wrote: > Which brings me back to "provide a reference implementation of an XHTML-IM > sanitizer".
I think StropheJS did an awesome job [1] and is close to an reference implementation. Just as an side note. As an XMPP web client developer, I want to say that I'm a bit confused about the discussion, because as web developer you always have to check your inputs carefully. For example if someone sends you an muc invitation and you just append it to the dom you are also screwed. So what's the point? We can't prevent developers from writing heedless code. Just my two cents. Cheers, Klaus [1] https://github.com/strophe/strophejs/blob/master/strophe.js#L1798
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
