[imps] HTML5 and libxml2

Edward Z. Yang edwardzyang at thewritingpot.com
Sun Apr 6 10:47:46 PDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Geoffrey Sneddon wrote:
> It's not proprietary: it's part of DOM Level 3 Core, as PHP claims to
> implement (see
> <http://www.w3.org/TR/DOM-Level-3-Core/core.html#Document3-strictErrorChecking>).

You're right---I was looking at DOM Level 2 Core.

> Ah. So therefore it doesn't actually allow the DOM to hold characters it
> otherwise wouldn't (like a a@ localName).

Precisely. And since the behavior is undefined, the PHP developers are
free to implement this however they want. To make these errors not stop
execution without strictErrorChecking, one would probably have to
macro-fy php_dom_throw_error to include the appropriate return values,
and then remove any trailing RETURN_* macro-calls... which doesn't
really seem worth it for them, although that makes strictErrorChecking
slightly useless. :-) It also makes me slightly worried about cases
where libxml2 *requires* that the validation is done (for example,
libxml2 does not appear to be binary safe, whereas PHP strings are).

- --
 Edward Z. Yang                        GnuPG: 0x869C48DA
 HTML Purifier <http://htmlpurifier.org> Anti-XSS Filter
 [[ 3FA8 E9A9 7385 B691 A6FC B3CB A933 BE7D 869C 48DA ]]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH+QzCqTO+fYacSNoRAoELAJwLG3NzFvvkXZK0fCgbVyjsvp+V6wCfYeDv
a/6q8ySgwJ2TfjpKQSxSFr0=
=/16o
-----END PGP SIGNATURE-----



More information about the Implementors mailing list