[whatwg] Stability of tokenizing/dom algorithms
Edward Z. Yang
edwardzyang at thewritingpot.com
Mon Dec 15 13:06:16 PST 2008

Ian Hickson wrote:
> I don't really see why a sanitiser needs extensibility though. Could you
> elaborate on this? Surely you just want to filter anything that isn't
> valid or safe, and only leave the valid safe stuff, using a whitelist.

In theory, I could write separate sanitizers for HTML 4, XHTML 1.0,
XHTML 2.0, HTML 5, etc. In practice, I want to reuse as much code as
possible between these cases, since I'm a lazy developer. Perhaps
"extensibility" is not the right word here; it's more like "reusability".

A side-note: something we've been looking into is bolting on extensions
to the HTML language. A user might write something in HTML 5, but the
website is in HTML 4, so the sanitizer converts the HTML 5 into a more
ugly but functional HTML 4 version, and returns that. The future, today!