[Cryptography] filtering html

Robin Wood robin at digi.ninja
Sun Oct 15 17:19:49 EDT 2017


On Sun, 15 Oct 2017, 21:34 James A. Donald, <jamesd at echeque.com> wrote:

> An arbitrary and possibly hostile web page passes through proxy or a
> server, which makes a record of it.
>
> Is there any easy way to filter that web page, stripping out javascript
> and links to outside images and such, so that record is guaranteed to
> display the same way, or closely equivalent way, as the original?
>

For arbitrary content I'd have thought it wasn't possible. Imagine trying
to pass Google Inbox through a service such as this, you'd never be able to
recreate the content in just HTML.

Robin



> Seems to me this is a job for an html compiler, that you need to parse
> it, filter the parse tree, and then regenerate the vanilla html document
> from the parse tree.  Which sounds like a great deal of work.
>
> But there are lots of services that allow one client to generate html
> that will be seen in their web page by another client.  Which gives Bob
> the potential to doing surprising things to Carol's subscription when
> Carol views content supplied by Bob, so this problem, or somewhat
> similar problems, must have been solved many times before, the problem
> of rendering html incapable of doing surprising things.
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171015/82472bd8/attachment.html>


More information about the cryptography mailing list