Excerpts from Adam Chlipala's message of Sun Apr 15 20:12:00 +0200 2012:
> It's just like using eval() in an unsafe way, but Ur/Web rules out
> eval()!

Can't you just use it as an 'external' function and write a binding for it in .urp files? So the point is that all problems are known by reading the .urp file?

So this discussion is about both: the urweb compiler and the HTML parser you wrote to sanitize / verify that user typed well-formed HTML?

Thus if a user wants to design his newsletter for a shop he should be prevented from using <div style="something using a malicious url"> or the like?

Marc Weber

_______________________________________________
Ur mailing list
[email protected]
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
