[Cryptography] filtering html
robin at digi.ninja
Sun Oct 15 17:19:49 EDT 2017
On Sun, 15 Oct 2017, 21:34 James A. Donald, <jamesd at echeque.com> wrote:
> An arbitrary and possibly hostile web page passes through proxy or a
> server, which makes a record of it.
> and links to outside images and such, so that record is guaranteed to
> display the same way, or closely equivalent way, as the original?
For arbitrary content I'd have thought it wasn't possible. Imagine trying
to pass Google Inbox through a service such as this, you'd never be able to
recreate the content in just HTML.
> Seems to me this is a job for an html compiler, that you need to parse
> it, filter the parse tree, and then regenerate the vanilla html document
> from the parse tree. Which sounds like a great deal of work.
> But there are lots of services that allow one client to generate html
> that will be seen in their web page by another client. Which gives Bob
> the potential to doing surprising things to Carol's subscription when
> Carol views content supplied by Bob, so this problem, or somewhat
> similar problems, must have been solved many times before, the problem
> of rendering html incapable of doing surprising things.
> The cryptography mailing list
> cryptography at metzdowd.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography