Bugtraq mailing list archives

Re: Fwd: CERT Advisory CA-2000-02


From: liondios () UVIC CA (Byron Alley)
Date: Mon, 7 Feb 2000 16:02:08 -0500


Henrik Nordstrom said:
For the case of publishing information on a shared web site using strict
HTML filtering is also beneficial as it forces all authors to use a
common HTML dialect, guaranteed not to disturb the site enforced layout
or presentation, and helps keep the information authors on track for
providing the information rather than fiddling around too much in layout
or presentation details.

Some web sites use an implementation based on this idea of a subset of
HTML.  You don't even need to use real HTML - just take the most useful
functions, like bold, italics - and build a sub-language.  In at least one
case I recall, a site used a format with []'s: [B] instead of <B>, etc.
This way you can safely remove any kind of tags, translate >'s to &gt;
entities, etc.  Naive users may not even know HTML anyway, and advanced
users will find it intuitive.

It's questionable whether there is real usefulness in allowing a full
range of HTML tags.  This solution fits.

- Byron

Prizes are for children.
- Charles Ives, upon being given, but refusing, the Pulitzer prize

Byron Alley  --> http://www.calicocity.com
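The bracket sub-language Byron describes, as an added illustration that is not code from the original post or from any site mentioned: every character of the submission is entity-escaped first, and only afterwards are a whitelisted set of bracket tags (here a constructed set of just [B] and [I]) translated into real HTML, so the only angle brackets that reach the page are the ones the filter itself emits. Unknown or unbalanced bracket tags are left as literal text, and tags still open at the end are closed so the site's own layout is not disturbed.

```python
import html
import re

# Constructed whitelist for this example: bracket tag name -> HTML element.
# The real site in the post is not known; this set is an assumption.
ALLOWED = {"b": "b", "i": "i"}

# A bracket tag is letters only: no attributes can be smuggled in.
_TAG_RE = re.compile(r"\[(/?)([A-Za-z]+)\]")


def render(text: str) -> str:
    """Translate bracket markup to safe HTML.

    Step 1: escape everything, so any raw <, >, &, " or ' the author typed
            becomes an entity and can never form a tag.
    Step 2: walk the escaped text and rewrite only whitelisted, properly
            nested [X]...[/X] pairs into <x>...</x>.
    """
    escaped = html.escape(text, quote=True)
    out = []
    stack = []          # currently open whitelisted tags, for nesting checks
    pos = 0
    for m in _TAG_RE.finditer(escaped):
        out.append(escaped[pos:m.start()])
        pos = m.end()
        closing = m.group(1) == "/"
        name = m.group(2).lower()
        if name not in ALLOWED:
            out.append(m.group(0))      # not in the subset: keep as literal text
        elif not closing:
            stack.append(name)
            out.append(f"<{ALLOWED[name]}>")
        elif stack and stack[-1] == name:
            stack.pop()
            out.append(f"</{ALLOWED[name]}>")
        else:
            out.append(m.group(0))      # stray or mis-nested close: literal text
    out.append(escaped[pos:])
    while stack:                        # close anything the author left open
        out.append(f"</{ALLOWED[stack.pop()]}>")
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample input: legitimate markup mixed with a raw HTML tag.
    print(render("Hello [B]world[/B] <script>alert(1)</script>"))
```

Because escaping happens before translation, an author cannot reach the HTML layer at all; adding a new feature to the sub-language is a one-line change to `ALLOWED`, and the regex's letters-only tag name is what keeps attributes out.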

