Broken HTML Support

Joseph Holsten pantosys at gmail.com
Fri Feb 10 22:57:32 UTC 2006 

On Feb 10, 2006, at 3:48 PM, Josh Hoyt wrote:

> 1. The spec should not take a position on what a relying party does
> with broken markup -- except perhaps mentioning that it has to be
> dealt with somehow, because:
> 2. A relying party must be careful to avoid parsing <meta> tags that
> are not in the HTML head, regardless of whether the document is valid.

I think we agree then. Now about those test suites. Love the  
redirection suite, I think it covers everything. But I think there's  
some ambiguity on the html parsing (best practices) suite. I'll start  
compiling a well-formed test-suite as a supplement.

I stuck the html files on lines by themselves, separated by blank  
lines. Sorry if this client wraps lines.

The suite says I can stop early, how do I know when?
  <head><html><meta http-equiv="X-YADIS-Location" content="found">

Does this express a XSS concern?
<body><html><head><meta http-equiv="X-YADIS-Location" content="found">

Okay, I understand failing for the first, but don't understand  
accepting the second
</body><html><head><meta http-equiv="X-YADIS-Location" content="found">

</porky><html><head><meta http-equiv="X-YADIS-Location" content="found">

I'm not sure I agree with accepting this
<head><meta http-equiv="X-YADIS-Location" content="found">

Okay, I get matching this, but how should I respond? call  
pitch_fit_throw_tantrum_scream_violently() ?
<html><head><meta http-equiv="X-YADIS-Location" content="">

Okay, what pre<html> junk do we ignore, what makes us fail?
<head><html><meta http-equiv="X-YADIS-Location" content="found">

<body><meta http-equiv="X-YADIS-Location" content="found">

<body><html><head><meta http-equiv="X-YADIS-Location" content="found">


Beyond Josh's Suite

Should I return "" or "found"?
<html><head><meta http-equiv="X-YADIS-Location" content=""><meta http- 
equiv="X-YADIS-Location" content="found">

Perhaps an attribute order test
<html><head><meta content="found" http-equiv="X-YADIS-Location">

Also red-herring attribute tests
<html><head><meta http-equiv="X-YADIS-Location"  content="found not- 
found">
<html><head><meta http-equiv="X-YADIS-Location"  junk="blah"  
content="found">

Should this return found?
<meta http-equiv="X-YADIS-Location" content="not- 
found"><html><head><meta http-equiv="X-YADIS-Location"  content="found">

Joseph Anthony Pasquale Holsten
24R E 24th St Tulsa OK 74114-2406
mailto:pantosys at gmail.com
xmpp:pantosys at netlab.cz
tel:+1* 918 813 2447

P.S. Have the answers to these questions been answered somewhere?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2365 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/yadis/attachments/20060210/ecd4a4be/smime.bin

More information about the yadis mailing list