the Network.URI parser
peteg42 at gmail.com
Tue May 27 06:58:06 EDT 2008
On 27/05/2008, at 3:19 PM, Neil Mitchell wrote:
> That's a bad example, since it's a bit dodgy, and possibly a security
> flaw. I prefer the example:
> pointing at a document anymore.
It most certainly is a security flaw. If you read that page I pointed
to before (it's safe, I think, but best not use IE, ok? :-) you will
find a whole pile of dodgy URIs. Most get culled (in my case) by the
HaXml parser and/or XHTML 1.0 Strict validation, and now I hope to
eliminate the rest by carefully handling the URIs.
On that topic, does anyone have any good advice for handling these
I can imagine whitelisting schemes (ftp/http/???) and doing the
<a href="link">anchor text [authority]</a>
for links coming from untrusted sources.
If anyone knows of the state-of-the-art in this area, I'd appreciate a
doesn't seem to think the style attribute is unsafe. Have they not
been following the MySpace fiascos?
(Sorry if this is a bit off-topic.)
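
A sketch of the scheme-whitelist idea from the message above, written against Network.URI. This is an added example, not code from the original post or from the network library's authors. The names allowedSchemes, escapeHtml and renderLink are hypothetical, "https" is added to the whitelist as an assumption, and dropping the userinfo part is an added choice.

```haskell
import Data.Char (toLower)
import Network.URI (URI (..), URIAuth (..), parseURI, uriToString)

-- Whitelisted schemes. "ftp" and "http" come from the post; "https" is an
-- assumption. uriScheme keeps the trailing ':', so the entries do too.
allowedSchemes :: [String]
allowedSchemes = ["http:", "https:", "ftp:"]

-- Escape a string for use in HTML text and in a double-quoted attribute.
escapeHtml :: String -> String
escapeHtml = concatMap esc
  where
    esc '&'  = "&amp;"
    esc '<'  = "&lt;"
    esc '>'  = "&gt;"
    esc '"'  = "&quot;"
    esc '\'' = "&#39;"
    esc c    = [c]

-- Render <a href="link">anchor text [authority]</a> for an untrusted link.
-- Nothing means: do not emit a link at all (unparseable or relative URI,
-- scheme not whitelisted, or no host to show the reader).
renderLink :: String -> String -> Maybe String
renderLink rawUri anchorText = do
  uri  <- parseURI rawUri            -- absolute URIs only
  auth <- uriAuthority uri           -- "scheme:opaque" forms have none
  let scheme = map toLower (uriScheme uri)
      host   = uriRegName auth
      -- Drop "user:pass@" so the href cannot carry a misleading prefix.
      clean  = uri { uriAuthority = Just (auth { uriUserInfo = "" }) }
      href   = uriToString id clean ""
  if scheme `elem` allowedSchemes && not (null host)
    then Just (concat [ "<a href=\"", escapeHtml href, "\">"
                      , escapeHtml anchorText
                      , " [", escapeHtml host, "]</a>" ])
    else Nothing

-- Constructed sample inputs: one plain link, one with userinfo and an
-- upper-case scheme, one non-whitelisted scheme, one relative reference.
main :: IO ()
main = mapM_ (print . (`renderLink` "click <here>"))
  [ "http://example.org/a?b=1&c=2"
  , "HTTP://trusted.example@other.example/login"
  , "javascript:void(0)"
  , "/relative/path"
  ]
```

The last two inputs yield Nothing; the caller can then render the anchor text without a link.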