> >> > Depending how much cleaning of the HTML filtering system you want to > >> > do... ?Has using something like JTidy ( http://jtidy.sourceforge.net/ > >> > ) been discussed? ?That way you wouldn't have to worry about what's > >> > valid or invalid HTML, merely the security aspects of valid HTML that > >> > are unique to Freenet. > > > > That might be nice... but wouldn't we have the same problem in that it would > > be hard to diff the output of the filter against the input for debugging > > purposes? What do other people think about this? It would make life much > > easier... > > I don't see why it would be a problem. I haven't used tidy much, > honestly. I don't see how to make it stop changing line breaks and > such in my page. However, I don't mind running it locally before > inserting, so that nothing changes when the filter runs it. I don't > need the filter to never change anything; I just need to know what to > do so that I can get a diff that shows only the changes made by the > filter. If I need to run tidy on the original, and then diff that vs > the filtered output, that's fine by me. > > And anything that makes the filtering more robust and less work is a > big win, imho. > > Evan Daniel
No way. We have a filter which works (security-wise), why would we change? Auditing upstream changes is going to be more time-expensive than maintaining our own because it implements only a subset of the features. Florent
