[whatwg] Stability of tokenizing/dom algorithms

Edward Z. Yang edwardzyang at thewritingpot.com
Mon Dec 15 13:06:16 PST 2008

Ian Hickson wrote:
> I don't really see why a sanitiser needs extensibility though. Could you 
> elaborate on this? Surely you just want to filter anything that isn't 
> valid or safe, and only leave the valid safe stuff, using a whitelist.

In theory, I could write separate sanitizers for HTML 4, XHTML 1.0,
XHTML 2.0, HTML 5, etc. In practice, I want to reuse as much code as
possible between these cases, since I'm a lazy developer. Perhaps
"extensibility" is not the right word here; it's more like "reusability"
of components.

A side-note: something we've been looking into is bolting on extensions
to the HTML language. A user might write something in HTML 5, but the
website is in HTML 4, so the sanitizer converts the HTML 5 into a more
ugly but functional HTML 4 version, and returns that. The future, today!


More information about the whatwg mailing list