Message from discussion Olympic Spririt for Forth

From: an...@mips.complang.tuwien.ac.at (Anton Ertl)
Newsgroups: comp.lang.forth
Subject: Re: Olympic Spririt for Forth
Date: Thu, 04 Oct 2012 16:07:22 GMT
Organization: Institut fuer Computersprachen, Technische Universitaet Wien
Lines: 27
Message-ID: <2012Oct4.180722@mips.complang.tuwien.ac.at>

Paul Rubin <no.em...@nospam.invalid> writes:
>an...@mips.complang.tuwien.ac.at (Anton Ertl) writes:
>> with square instead of angle brackets.  The idea here is
>> apparently that they want the user to be able to do some layout
>> markup, but they want to restrict what the users can do (not sure why
>> you need square brackets for that, though).
>
>Sanitizing HTML is very difficult.  If they use angle brackets they have
>to be ultra-careful that the user can't sneak something malicious
>through the sanitizer.  It's easier to just convert all < characters to
>&lt; and do markup in a syntax that starts from zero and adds safe
>capabilities, rather than starting with something dangerous and trying
>to subtract from it.

Yes, that's the right approach, but it does not require square
brackets.  I would write a parser that understands the desired HTML
subset and outputs it verbatim, and everything that the parser does
not grok is processed in the same way as BBcode does it (i.e.,
"<"->"&lt;").  This approach works equally well if I use angle
brackets or square brackets for my tags.

- anton
-- 
M. Anton Ertl  http://www.complang.tuwien.ac.at/anton/home.html
comp.lang.forth FAQs: http://www.complang.tuwien.ac.at/forth/faq/toc.html
     New standard: http://www.forth200x.org/forth200x.html
   EuroForth 2012: http://www.euroforth.org/ef12/
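
The approach described in the reply above, as an added example that is not part of the original post: a small renderer that recognizes an allowlisted tag subset and HTML-escapes everything it does not understand, with the bracket characters as a parameter. The tag allowlist, the function name `render`, and the choice to reject attributes and auto-close unclosed tags are assumptions of this sketch.

```python
import html
import re

# Assumed allowlist for this example: bare formatting tags, no attributes.
ALLOWED = {"b", "i", "em", "strong", "code", "pre", "blockquote"}

def render(text, open_ch="<", close_ch=">"):
    """Emit allowlisted tags as HTML; HTML-escape everything else."""
    # A tag is: open bracket, optional '/', a name, close bracket. Anything
    # else (attributes, whitespace, comments) does not match and is escaped.
    tag_re = re.compile(
        re.escape(open_ch) + r"(/?)([A-Za-z]+)" + re.escape(close_ch))
    out, stack, pos = [], [], 0
    for m in tag_re.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        pos = m.end()
        closing, name = m.group(1) == "/", m.group(2).lower()
        if name not in ALLOWED:
            out.append(html.escape(m.group(0)))   # unknown tag: shown as text
        elif not closing:
            stack.append(name)
            out.append(f"<{name}>")
        elif stack and stack[-1] == name:
            stack.pop()
            out.append(f"</{name}>")
        else:
            out.append(html.escape(m.group(0)))   # stray or misnested close
    out.append(html.escape(text[pos:]))
    # Close whatever the user left open so markup cannot leak into the page.
    out.extend(f"</{name}>" for name in reversed(stack))
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample inputs: the same text in both bracket styles.
    print(render('<b>ok</b> <b onclick="x">no</b>'))
    print(render("[i]a < b[/i]", "[", "]"))
```

Both bracket styles produce the same output for equivalent input, because safety comes from the allowlist plus escaping, not from the delimiter.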