James Graham wrote: > Nothing in section 8 is going to ensure that you get output that passes > a conformance check. If you do transform the output into something that > is conforming then you have to make up the rules yourself
Yes, which I suppose is slightly concerning. My philosophy is to first reconstruct the DOM as much like browsers, and then for non-compliant DOMs move things around so they become compliant, but *look* the same as a non-compliant DOM. > so you have > just shifted the ambiguity from the client (where it will hopefully > disappear in a few years once the HTML5 algorithm has large-scale > adoption) to the sanitizer implementation. I feel like this is preferable in many cases. There's only one sanitizer implementation to worry about, as opposed to many browser implementations. Also, the sanitizer can transparently add cross-browser compatibility code for poorly supported elements. Cheers, Edward