FAQ: Untrusted users and HTML

I’ve literally seen hundreds of recipes for stripping unsafe HTML that are about as effective as a screen door on a submarine.

via FAQ: Untrusted users and HTML.

For what it’s worth, I’ve always been amused by this statement, because it’s wrong.

A screen door on a submarine is very effective — as long as you only use it to keep bugs out of the submarine while travelling on the surface. It’s a great tool for what it’s designed to do. It’s a lousy tool if it’s used inappropriately.

And yes, submarines do travel on the surface. Modern nuclear subs, especially the nuclear platforms and the hunters, do so much less frequently, but diesel-driven subs spend a lot of time on the surface, and there, a screen door might not be a bad thing.

So it’s not so much about good tools or bad tools, but about using tools appropriately and their effectiveness within context. Use the right tool for the job, and use tools correctly.

And remember to close the pressure door before you dive, because the screen door is lousy about keeping water out of the submarine. But great at keeping bugs out while letting fresh air in.
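The quoted FAQ's point is that ad-hoc "strip the bad tags" recipes are the wrong tool for untrusted HTML; the right tool is an allowlist sanitizer built on a real HTML tokenizer, which drops everything it was not told to keep and re-escapes all text. The following is an added example, not code from the original post or from the FAQ it quotes; it uses only Python's standard library, and the tag/attribute allowlist and the `SAFE_URL` rule are illustrative assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href"}}      # event-handler attributes are never listed
DROP_CONTENT = {"script", "style"}   # these tags lose their text content too
SAFE_URL = re.compile(r"^(https?://|mailto:|/)", re.IGNORECASE)

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.skipping = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skipping = tag
        if tag not in ALLOWED_TAGS:
            return                                   # unknown tag: dropped
        kept = []
        for name, value in attrs:                    # names are lowercased by the parser
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue
            if name == "href" and not SAFE_URL.match(value.strip()):
                continue                             # only http(s), mailto or relative
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag == self.skipping:
            self.skipping = None
        if tag in self.stack:                        # also closes anything left open inside
            while (closed := self.stack.pop()) != tag:
                self.out.append(f"</{closed}>")
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))   # text is always re-escaped

def sanitize(html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    while parser.stack:                              # balance tags left unclosed
        parser.out.append(f"</{parser.stack.pop()}>")
    return "".join(parser.out)

if __name__ == "__main__":
    # Constructed sample input, not real user content.
    print(sanitize('<p>Hi <b>there</b> <a href="/x" onclick="run()">link</a><script>go()</script>'))
```

Anything the allowlist does not name, including unknown tags, unlisted attributes and non-http(s) link targets, simply never reaches the output, which is the property a blocklist-style stripper cannot give you.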
