LJ not correctly parsing <link... > tags.
Brad Fitzpatrick
brad at danga.com
Wed Jul 6 22:36:34 PDT 2005
On Thu, 7 Jul 2005, Wladimir Palant wrote:
> I don't think consumers need to recognise all HTML entities and I don't
> think they should be able to resolve relative URLs either. OpenID can
> follow the lead of Pingback here:
> http://www.hixie.ch/specs/pingback/pingback#TOC2.2. I also hope to see
> regexps for server autodiscovery in the OpenID spec so that one can
> really rely on every consumer doing the same thing with the page. While
> HTML compliance is a nice feature, simplicity and reliability are more
> important.
Thanks for the link!
> Something also missing from the spec is a clear statement about the
> location of link tags - consumers MUST reject any link tag that isn't
> located inside the document head. HTML injection vulnerabilities are
> very common, one shouldn't make it too easy for the abusers.
Added it to the spec.
- Brad
>
> Wladimir
>
>
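The head-only rule discussed in this message, sketched as an added example that is not part of the original thread or of the OpenID spec. It uses Python's `html.parser` instead of the regexps proposed above; the names `HeadLinkFinder` and `discover_server` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

class HeadLinkFinder(HTMLParser):
    """Collect <link rel="openid.server"> hrefs, accepting only those in the first <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.head_done = False   # once the first head closes, no later <head> counts
        self.accepted = []
        self.rejected = []       # kept so a consumer can log suspicious pages

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_done:
            self.in_head = True
        elif tag == "body":
            # <body> implicitly ends the head even if </head> was omitted
            self.in_head, self.head_done = False, True
        elif tag == "link":
            a = dict(attrs)
            rels = (a.get("rel") or "").lower().split()
            href = a.get("href")
            if "openid.server" in rels and href:
                (self.accepted if self.in_head else self.rejected).append(href)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head, self.head_done = False, True

def discover_server(page):
    """Return (server_url_or_None, rejected_hrefs) for one HTML page."""
    finder = HeadLinkFinder()
    finder.feed(page)
    finder.close()
    server = finder.accepted[0] if finder.accepted else None
    return server, finder.rejected

# Constructed sample: one legitimate link in the head, two injected via body content.
SAMPLE = """<html><head>
<title>Example journal</title>
<link rel="openid.server" href="https://idp.example/server">
</head><body>
<p>comment: <link rel="openid.server" href="https://injected.example/a"></p>
<head><link rel="openid.server" href="https://injected.example/b"></head>
</body></html>"""

if __name__ == "__main__":
    print(discover_server(SAMPLE))
```

The second `<head>` in the body is ignored because only the first head element of the document counts, so markup injected into user-controlled body content cannot redirect discovery.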