[Cryptography] filtering html
James A. Donald
jamesd at echeque.com
Sun Oct 15 04:12:24 EDT 2017
An arbitrary and possibly hostile web page passes through proxy or a
server, which makes a record of it.
Is there any easy way to filter that web page, stripping out javascript
and links to outside images and such, so that record is guaranteed to
display the same way, or closely equivalent way, as the original?
Seems to me this is a job for an html compiler, that you need to parse
it, filter the parse tree, and then regenerate the vanilla html document
from the parse tree. Which sounds like a great deal of work.
But there are lots of services that allow one client to generate html
that will be seen in their web page by another client. Which gives Bob
the potential to doing surprising things to Carol's subscription when
Carol views content supplied by Bob, so this problem, or somewhat
similar problems, must have been solved many times before, the problem
of rendering html incapable of doing surprising things.
More information about the cryptography
mailing list