From: Ingo Struck (ingoingostruck.de)
Date: Wed Jul 30 2003 - 15:30:45 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ulf,

> Parts of your post seem to deal with a situation where all HTML elements
> and entities should be disarmed, but that problem is simpler.
Well, not parts of my post - this is the central point.
Only that "simpler" problem is solvable reliably.

> In web mail systems and web forums, you often want to allow some HTML
> constructs, and that's the problem I'm trying to solve.
IMNSVHO there is *no* situation where you may want to allow HTML
from any untrusted or unknown source. It is always a better option to use
different (simpler!) formats that are then turned to html by the web app.
That way you can provide some necessary functionality while simultaneously
"disarming" all untrusted html stuff.
Just to give an example:
It is absolutely unneccessary to allow for <b> tags - it's completely
sufficient to define that bold text is enclosed in stars (*) within text
input fields. You can then securely scan the text for such constructs and
turn that into real <b> tags.
To come back to mailing, forums and newsgroups:
HTML mailing is a fundamental evil and should *not at all* be used.
If you look at common security problems with mailers, especially M$ stuff,
you will find that most of them are related to using script- and HTML-enabled
mail clients. Just don't use that - mailing has got something to do with plain
content, that means it has something to do with text/plain and nothing else.

Kind regards

Ingo

- --
ingoingostruck.de
Use PGP: http://ingostruck.de/ingostruck.gpg with fingerprint
C700 9951 E759 1594 0807 5BBF 8508 AF92 19AA 3D24
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE/KCr5hQivkhmqPSQRAkXbAJ9Rm8STUdmSD3YMI8i13p4pFiuMrACgtks2
R28MyOptHr/UsiaHDwZKmVk=
=56mj
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]