On Wed, Aug 13, 2008 at 12:22 AM, Reema Sardana <[EMAIL PROTECTED]> wrote:
> Pardon my ignorance here. The purpose of the HTML sanitizer is to return
> something that can be safely assigned to innerHTML. Why do we need to
> validate URLs? Do we bother if a URL is not valid? In other words, can it
> be unsafe in any way?

Yes, it can. I've added some comments on SHINDIG-346 about the URL sanitization piece of the puzzle.

