LJ not correctly parsing <link... > tags.
Wladimir Palant
xpoint at gtchat.de
Wed Jul 6 17:38:26 PDT 2005
I don't think consumers need to recognise all HTML entities and I don't
think they should be able to resolve relative URLs either. OpenID can
follow the lead of Pingback here:
http://www.hixie.ch/specs/pingback/pingback#TOC2.2. I also hope to see
regexps for server autodiscovery in the OpenID spec so that one can
really rely on every consumer doing the same thing with the page. While
HTML compliance is a nice feature, simplicity and reliability is more
important.
Something also missing from the spec is a clear statement about the
location of link tags - consumers MUST reject any link tag that isn't
located inside the document head. HTML injection vulnerabilities are
very common, one shouldn't make it too easy for the abusers.
Wladimir
More information about the yadis
mailing list