On Mon, Nov 07, 2005 at 10:46:49AM -0800, Tim Hollebeek wrote:
|
| > I'm fond of the BB/Markdown sorts of solutions, which use an
| > HTML-like language which you translate into HTML. If your
| > parser tosses things it doesn't understand, this can be a
| > good solution to the (often real) requirement of "we need to
| > let users enter more than plain text."
|
| You're proposing a small language L where the input is translated
| into a safe subset of HTML if the input is in L, and rejected otherwise.
|
| What are the advantages of this over the special case L = the safe
| subset (and the translation is the identity function), which we were
| discussing?
It seems to me simpler to say [b] becomes <b> than to worry if <b> can
take an argument.
It's also harder for someone to come along and transform it from a
whitelist function to a blacklist function without properly
considering the security implications. User input functions will
break, and so QA will more easily notice the shift.
Adam
Received on Nov 07 2005
Intro
