Most recent edit on 2008-03-05 14:37:27 by MatthewToseland [formatting]
Additions:
- At the moment, href's to the web are replaced with href's to internal links including the url as a parameter, which if clicked on will warn the user and offer them a choice: either visit the non-anonymous site specified (via a POST button), or don't.
Deletions:
- At the moment, href's to the web are replaced with href's to CHECKED_HTTP links which if clicked on will warn the user and offer them a choice: either visit the non-anonymous site specified (via a POST button), or don't.
Edited on 2008-03-05 14:37:06 by MatthewToseland [formatting]
Additions:
- At the moment, href's to the web are replaced with href's to CHECKED_HTTP links which if clicked on will warn the user and offer them a choice: either visit the non-anonymous site specified (via a POST button), or don't.
Deletions:
- At the moment, href's to the web are replaced with href's to /CHECKED_HTTP links which if clicked on will warn the user and offer them a choice: either visit the non-anonymous site specified (via a POST button), or don't.
Oldest known version of this page was edited on 2008-03-05 14:36:50 by MatthewToseland [html filter page]
Page view:
HTML filtering
We filter HTML to remove dangerous links, inlines, scripting:
- At the moment, href's to the web are replaced with href's to /
CHECKED_HTTP links which if clicked on will warn the user and offer them a choice: either visit the non-anonymous site specified (via a POST button), or don't.
- Scripting is just stripped out. It should be possible to write a javascript filter, but it would be a big project, which isn't a priority before 1.0.
- We have a CSS filter.
- We (roughly) only support HTML4.01. We don't parse HTML as XML, so we can't support compound documents with e.g. SVG. We need to support HTML5 (non-XML), and XHTML2, with SVG. We need to support HTML embedded in RSS. And so on.