Perhaps we could write the embedded html to a nested iframe served with content type text/html, and there fix the safety issue and content type / xhtml problem that way? ------Original Message------ From: Zach Copley To: Sarven Capadisli Cc: Craig Andrews Cc: [email protected] Subject: Re: [Laconica-dev] HTML vs XHTML: We need to stop serving the XHTMLmime type Sent: Jul 26, 2009 9:27 PM
Sarven Capadisli wrote: > On Sun, 2009-07-26 at 00:58 -0400, Craig Andrews wrote: >> If we return the content-type as "text/html" instead of "application/xml" >> or "application/xhtml+xml" webkit works fine, as laconica is now writing >> valid markup to the DOM. > > We could use the HTML_Safe PEAR library or Tidy to clean up what we get > and set the response mimetype to text/xml. Zach actually tested this, > but, I can't recall what was the final status. HTML_Safe does a pretty good job of converting everything to XHTML. The trouble is it strips out "potentially dangerous content," including elements oohembed.com returns for YouTube, Vimeo, and other video sites -- namely: 'embed' and 'object'. Maybe we can hack in an element whitelist. We really should be filtering the HTML we're getting from these oembed sites. Any suggestions for other good ways to do that? Zach -- Zach Copley <[email protected]> Control Yourself, Inc. Sent via BlackBerry from T-Mobile _______________________________________________ Laconica-dev mailing list [email protected] http://mail.laconi.ca/mailman/listinfo/laconica-dev
