PerlMonks  

Re^2: side effects "Enforce proper nesting of HTML"

by LanX (Saint)
on Jun 05, 2017 at 10:25 UTC


in reply to Re: side effects "Enforce proper nesting of HTML"
in thread side effects "Enforce proper nesting of HTML"

Shouldn't illegal markup always be rejected?

Cheers Rolf
(addicted to the Perl Programming Language and ☆☆☆☆ :)
Je suis Charlie!


Replies are listed 'Best First'.
Re^3: side effects "Enforce proper nesting of HTML"
by tobyink (Canon) on Jun 05, 2017 at 10:56 UTC

    Be conservative in what you do, be liberal in what you accept from others.
    —Postel's law

      I should have clarified that my motivation was security not a purist ideology.

      Cheers Rolf
      (addicted to the Perl Programming Language and ☆☆☆☆ :)
      Je suis Charlie!

        Unapproved mark-up (both HTML tags and HTML attributes) is already always blocked. That takes care of the cross-site scripting security concern.

        An enhancement was implemented to go further and better protect site layout from (usually unintentional) inclusion of approved tags in a manner that can interfere with layout beyond the contents of the individual submission. This enhancement goes beyond noting that 'br' tags are approved for inclusion so it also blocks any 'br' tags that are not "properly nested". So you can, for example, include "<br>", "<br></br>", and "<br />" and not have them blocked.

        However, with the enhanced validation, including something like "</br>" or "</p>" without a matching, preceding opening tag will lead to that tag being blocked. Without the enhancement, such constructs are included (which presents absolutely no problem that could be described as "security").

        During the trial period where the enhancement is optional to shake out unintended consequences, it was discovered that misplacing the "/" in "<p />" by using "</p>" was such a common mistake that many browsers had decided to interpret the latter as the former.

        That was really the only major problem discovered. It frankly should not be particularly difficult to fix that and then make the enhancement no longer optional. I'm even tempted to just make the enhancement no longer optional even without that tweak (except for the impact it would have on previously-posted nodes).

        I thought that I had already made the increased validation the default for new users and something that applied to anonymonk. At least the latter appears to not be true or was reverted (perhaps by a bug that allowed anonymonk to sometimes impact those settings).

        - tye        
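
The two layers tye describes (an allowlist of tags and attributes, then a nesting check on approved tags), as an added sketch that is not part of the thread and not PerlMonks' actual code. The allowlist, the choice to "block" a tag by showing it as literal text, and closing still-open tags at the end are all assumptions made for the example.

```perl
use strict;
use warnings;

# Constructed allowlist (not PerlMonks' real one): tag => approved attributes.
my %APPROVED = (p => {}, b => {}, i => {}, br => {}, span => { class => 1 });
my %VOID = (br => 1);    # valid alone, or closed immediately: <br></br>

# "Blocking" here means showing the tag as literal text (an assumption).
sub defang { my ($s) = @_; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; return $s }

sub attrs_ok {
    my ($name, $attrs) = @_;
    while ($attrs =~ /\G\s+([A-Za-z][\w-]*)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=]+))?/gc) {
        return 0 unless $APPROVED{$name}{ lc $1 };
    }
    return $attrs =~ /\G\s*\z/gc ? 1 : 0;    # leftover junk counts as unapproved
}

sub filter_html {
    my ($html) = @_;
    my ($out, $prev_void, @open) = ('', '');
    for my $tok (grep { length } split /(<[^<>]*>)/, $html) {
        my ($close, $name, $rest) = $tok =~ m{^<(/?)([A-Za-z][A-Za-z0-9]*)\b([^<>]*)>\z};
        my $void_before = $prev_void;
        $prev_void = '';
        if (!defined $name) { $out .= defang($tok); next }    # text run
        $name = lc $name;
        my $slash = $rest =~ s{/\s*\z}{};                     # trailing "/" of <br />
        my $ok = exists $APPROVED{$name};
        if ($ok && $close) {
            $ok = 0 if $slash || $rest =~ /\S/;
            if ($ok && $VOID{$name})                   { $ok = $void_before eq $name }
            elsif ($ok && @open && $open[-1] eq $name) { pop @open }
            else                                       { $ok = 0 }    # unmatched closer
        }
        elsif ($ok && ($ok = attrs_ok($name, $rest))) {
            if ($VOID{$name}) { $prev_void = $name unless $slash }
            else              { push @open, $name }    # "/" on non-void tags is ignored
        }
        $out .= $ok ? $tok : defang($tok);
    }
    # Assumption: close whatever is still open so it cannot leak into the page.
    $out .= "</$_>" for reverse @open;
    return $out;
}
# Constructed sample submissions.
print filter_html($_), "\n" for
    'one<br>two<br></br>three<br />', 'stray </br> and </p>',
    '<b><i>crossed</b></i>', '<span class="x" onclick="y()">hi</span>';
```

The first sample passes through unchanged; in the others the stray closers, the out-of-order `</b>`, and the tag carrying the unapproved `onclick` attribute come out as escaped text.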

Re^3: side effects "Enforce proper nesting of HTML"
by Lady_Aleena (Priest) on Jun 05, 2017 at 10:32 UTC

    I would support it. I would support removing deprecated HTML as well.

    No matter how hysterical I get, my problems are not time sensitive. So, relax, have a cookie, and a very nice day!
    Lady Aleena
      At the time PM was drafted, HTML was still evolving, so I'm not surprised.

      Anyway my question was just a question, i.e. seeking better understanding and not a call for action which needs "support".

      Not sure if my English is flawed here ...

      Cheers Rolf
      (addicted to the Perl Programming Language and ☆☆☆☆ :)
      Je suis Charlie!
