Subject: Re: Fwd: CERT Advisory CA-2000-02
From: Byron Alley (liondiosUVIC.CA)
Date: Mon Feb 07 2000 - 15:02:08 CST


Henrik Nordstrom said:
> For the case of publishing information on a shared web site using strict
> HTML filtering is also beneficial as it forces all authors to use a
> common HTML dialect, guaranteed not to disturb the site enforced layout
> or presentation, and helps keep the information authors on track for
> providing the information rather than fiddling around too much in layout
> or presentation details.

Some web sites use an implementation based on this idea of a subset of
HTML. You don't even need to use real HTML - just take the most useful
functions, like bold, italics - and build a sub-language. In at least one
case I recall, a site used a format with []'s: [B] instead of <B>, etc.
This way you can safely remove any kind of tags, translate >'s to &gt;
entities, etc. Naive users may not even know HTML anyways, and advanced
users will find it intuitive.

It's questionable whether there is real usefulness in allowing a full
range of HTML tags. This solution fits.

- Byron

Prizes are for children.
- Charles Ives, upon being given, but refusing, the Pulitzer prize

Byron Alley --> http://www.calicocity.com
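
The bracket sub-language described in the message above, sketched as an added example that is not part of the original post: all input is HTML-escaped first, and only a fixed set of bracket tags is then translated to real markup. The function name `render`, the tag table and the sample strings are assumptions made for illustration; the post itself names only bold and italics.

```python
import html
import re

# Assumed whitelist: the only formatting the message names is bold and italics.
ALLOWED = {"b": "b", "i": "i"}
# A tag is a bare name in brackets; attributes are not part of the sub-language.
TAG_RE = re.compile(r"\[(/?)([A-Za-z]+)\]")


def render(markup: str) -> str:
    """Escape everything, then turn whitelisted [X]...[/X] pairs into HTML."""
    # Step 1: neutralise all real HTML. After this, the only '<' and '>' in
    # the output are the ones this function emits itself.
    escaped = html.escape(markup, quote=True)

    out, open_tags, pos = [], [], 0
    for m in TAG_RE.finditer(escaped):
        out.append(escaped[pos:m.start()])
        pos = m.end()
        closing, name = m.group(1) == "/", m.group(2).lower()
        if name not in ALLOWED:
            out.append(m.group(0))          # unknown tag stays literal text
        elif not closing:
            open_tags.append(name)
            out.append(f"<{ALLOWED[name]}>")
        elif open_tags and open_tags[-1] == name:
            open_tags.pop()
            out.append(f"</{ALLOWED[name]}>")
        else:
            out.append(m.group(0))          # stray or misnested close stays literal
    out.append(escaped[pos:])

    # Step 2: close anything left open so one post cannot restyle
    # the rest of the shared page.
    out.extend(f"</{ALLOWED[n]}>" for n in reversed(open_tags))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample input.
    print(render('[B]hello[/B] <script>alert(1)</script> [i]unclosed'))
```

Because escaping happens before translation and the tag pattern admits no attributes, nothing the author types can reach the page as markup other than the whitelisted element names.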