[MKDoc-modules] Re: [FEATURE REQ] XHTML whitelist of elements and attributes

[Paul Arzul]

On Thu 25-Sep-2003 at 12:13:43PM +0100, Paul Arzul wrote:
> On Fri 16-May-2003 at 05:14:15PM +0100, Chris Croome wrote:
> > Hi
> > 
> > Whitelist wishlist...
> > 
> > Allowed HTML in the body of a document, excluding Javascript and CSS and
> > deprecated things and XHML things.
> 
> okay, i've had a closer look at this list by doing a diff with the xhtml
> 1.0 transitional list i did.
> 
> things i've noticed are:
> 
> you're using the xml:space attribute for code, kbd and tt -- none of
> which appear valid?
> 
> other odd ones are:
> 
> - optgroup multiple name size tabindex
> - option multiple size tabindex
> - dfn datetime
> - input ismap
> 
> i think those are all typos and can go. important things that are
> missing are:
> 
> - label accesskey
> - optgroup label
> - option label
> 
> and also perhaps align, char, and charoff on a various table elements.
> it's hard to read diffs with all the extra fluff -- maybe i've missed
> more. :(
> 
> would is be simpler to use one of the xhtml lists (say transitional) and
> specifically disallow elements we don't want?
> 
> ---8<---
> 
> use strict;
> use warnings;
> 
> use MKDoc::XML::Stripper;
> 
> my $stripper = new MKDoc::XML::Stripper;
> 
> # $stripper->load_def('mkdoc16');
> $stripper->load_def('xhtml10transitional.txt');
> 
> $stripper->disallow(head);
> $stripper->disallow(script);
> $stripper->disallow(style);
> # etc...
> 
> --->8---

in the meanwhile, i've created a new mkdoc 1.6 list based off xhtml 1.0 strict.
it's more or less identical to chris's list, so:

elements removed:

html
head
title
script
style
link
meta
base
body
noscript


attributes removed:

- the core attribute: style
- events: onclick, ondblclick, onmousedown, onmouseup, onmouseover,
  onmousemove, onmouseout, onkeypress, onkeydown, onkeyup
- focus: onfocus, onblur
- miscellaneous:
* form: action onreset onsubmit
* input: onchange onselect
* select: onchange
* textarea: onchange onselect
* horizontal and vertical alignment of tabular elements: align, char, charoff,
  valign

this new list differs from the original by...

removed:

- head

- br clear
- code xml:space
- dfn datetime
- form name
- img name
- input ismap
- kbd xml:space
- optgroup multiple
- optgroup name
- optgroup size
- optgroup tabindex
- option multiple
- option size
- option tabindex
- tt xml:space

(all typos i think.)


and the following were added:

- button name
- label accesskey
- object declare
- optgroup label
- option label
- option selected
- option value
- select name

- p

-------------- next part --------------
# mkdoc 1.6 defaults by chris croome (chris at mkdoc.com) 2003/05/16
# linearized and sorted by paul arzul (patricka at mkdoc.com) 2003/09/22
#
# recreated from xhtml 1.0 strict by paul arzul (patricka at mkdoc.com) 2003/09/26


# a
# anchor

a accesskey
a charset
a class
a coords
a dir
a href
a hreflang
a id
a lang
a name
a rel
a rev
a shape
a tabindex
a title
a type
a xml:lang


# abbr
# abbreviated form (e.g., WWW, HTTP, etc.)

abbr class
abbr dir
abbr id
abbr lang
abbr title
abbr xml:lang


# acronym
#

acronym class
acronym dir
acronym id
acronym lang
acronym title
acronym xml:lang


# address
# information on author

address class
address dir
address id
address lang
address title
address xml:lang


# area
# client-side image map area

area accesskey
area alt
area class
area coords
area dir
area href
area id
area lang
area nohref
area shape
area tabindex
area title
area xml:lang


# b

b class
b dir
b id
b lang
b title
b xml:lang


# bdo
# I18N BiDi over-ride

bdo class
bdo dir
bdo id
bdo lang
bdo title
bdo xml:lang


# big

big class
big dir
big id
big lang
big title
big xml:lang


# blockquote
# long quotation

blockquote cite
blockquote class
blockquote dir
blockquote id
blockquote lang
blockquote title
blockquote xml:lang


# br
# forced line break

br class
br id
br title


# button
# push button

button accesskey
button class
button dir
button disabled
button id
button lang
button name
button tabindex
button title
button type
button value
button xml:lang


# caption
# table caption

caption class
caption dir
caption id
caption lang
caption title
caption xml:lang


# cite
# citation

cite class
cite dir
cite id
cite lang
cite title
cite xml:lang


# code
# computer code fragment

code class
code dir
code id
code lang
code title
code xml:lang


# col
# table column

col class
col dir
col id
col lang
col span
col title
col width
col xml:lang


# colgroup
# table column group

colgroup class
colgroup dir
colgroup id
colgroup lang
colgroup span
colgroup title
colgroup width
colgroup xml:lang


# dd
# definition description

dd class
dd dir
dd id
dd lang
dd title
dd xml:lang


# del
# deleted text

del cite
del class
del datetime
del dir
del id
del lang
del title
del xml:lang


# dfn
# instance definition

dfn class
dfn dir
dfn id
dfn lang
dfn title
dfn xml:lang


# div
# generic language/style container

div class
div dir
div id
div lang
div title
div xml:lang


# dl
# definition list

dl class
dl dir
dl id
dl lang
dl title
dl xml:lang


# dt
# definition term

dt class
dt dir
dt id
dt lang
dt title
dt xml:lang


# em
# emphasis

em class
em dir
em id
em lang
em title
em xml:lang


# fieldset
# form control group

fieldset class
fieldset dir
fieldset id
fieldset lang
fieldset title
fieldset xml:lang


# form
# interactive form

form accept
form accept-charset
form class
form dir
form enctype
form id
form lang
form method
form title
form xml:lang


# h1
# heading

h1 class
h1 dir
h1 id
h1 lang
h1 title
h1 xml:lang


# h2
# heading

h2 class
h2 dir
h2 id
h2 lang
h2 title
h2 xml:lang


# h3
# heading

h3 class
h3 dir
h3 id
h3 lang
h3 title
h3 xml:lang


# h4
# heading

h4 class
h4 dir
h4 id
h4 lang
h4 title
h4 xml:lang


# h5
# heading

h5 class
h5 dir
h5 id
h5 lang
h5 title
h5 xml:lang


# h6
# heading

h6 class
h6 dir
h6 id
h6 lang
h6 title
h6 xml:lang


# hr
# horizontal rule

hr class
hr dir
hr id
hr lang
hr title
hr xml:lang


# i
# italic text style

i class
i dir
i id
i lang
i title
i xml:lang


# img
# Embedded image

img alt
img class
img dir
img height
img id
img ismap
img lang
img longdesc
img src
img title
img usemap
img width
img xml:lang


# input
# form control

input accept
input accesskey
input alt
input checked
input class
input dir
input disabled
input id
input lang
input maxlength
input name
input readonly
input size
input src
input tabindex
input title
input type
input usemap
input value
input xml:lang


# ins
# inserted text

ins cite
ins class
ins datetime
ins dir
ins id
ins lang
ins title
ins xml:lang


# kbd
# text to be entered by the user

kbd class
kbd dir
kbd id
kbd lang
kbd title
kbd xml:lang


# label
# form field label text

label accesskey
label class
label dir
label for
label id
label lang
label title
label xml:lang


# legend
# fieldset legend

legend accesskey
legend class
legend dir
legend id
legend lang
legend title
legend xml:lang


# li
# list item

li class
li dir
li id
li lang
li title
li xml:lang


# map
# client-side image map

map class
map dir
map id
map lang
map name
map title
map xml:lang


# object
# generic embedded object

object archive
object class
object classid
object codebase
object codetype
object data
object declare
object dir
object height
object id
object lang
object name
object standby
object tabindex
object title
object type
object usemap
object width
object xml:lang


# ol
# ordered list

ol class
ol dir
ol id
ol lang
ol title
ol xml:lang


# optgroup
# option group

optgroup class
optgroup dir
optgroup disabled
optgroup id
optgroup label
optgroup lang
optgroup title
optgroup xml:lang


# option
# selectable choice

option class
option dir
option disabled
option id
option label
option lang
option selected
option title
option value
option xml:lang


# p
# paragraph

p class
p dir
p id
p lang
p title
p xml:lang


# param
# named property value

param id
param name
param type
param value
param valuetype


# pre
# preformatted text

pre class
pre dir
pre id
pre lang
pre title
pre xml:lang
pre xml:space


# q
# short inline quotation

q cite
q class
q dir
q id
q lang
q title
q xml:lang


# samp
# sample program output, scripts, etc.

samp class
samp dir
samp id
samp lang
samp title
samp xml:lang


# select
# option selector

select class
select dir
select disabled
select id
select lang
select multiple
select name
select size
select tabindex
select title
select xml:lang


# small

small class
small dir
small id
small lang
small title
small xml:lang


# span
# generic language/style container

span class
span dir
span id
span lang
span title
span xml:lang


# strong
# strong emphasis

strong class
strong dir
strong id
strong lang
strong title
strong xml:lang


# sub
# subscript

sub class
sub dir
sub id
sub lang
sub title
sub xml:lang


# sup
# superscript

sup class
sup dir
sup id
sup lang
sup title
sup xml:lang


# table
#

table border
table cellpadding
table cellspacing
table class
table dir
table frame
table id
table lang
table rules
table summary
table title
table width
table xml:lang


# tbody
# table body

tbody class
tbody dir
tbody id
tbody lang
tbody title
tbody xml:lang


# td
# table data cell

td abbr
td axis
td class
td colspan
td dir
td headers
td id
td lang
td rowspan
td scope
td title
td xml:lang


# textarea
# multi-line text field

textarea accesskey
textarea class
textarea cols
textarea dir
textarea disabled
textarea id
textarea lang
textarea name
textarea readonly
textarea rows
textarea tabindex
textarea title
textarea xml:lang


# tfoot
# table footer

tfoot class
tfoot dir
tfoot id
tfoot lang
tfoot title
tfoot xml:lang


# th
# table header cell

th abbr
th axis
th class
th colspan
th dir
th headers
th id
th lang
th rowspan
th scope
th title
th xml:lang


# thead
# table header

thead class
thead dir
thead id
thead lang
thead title
thead xml:lang


# tr
# table row

tr class
tr dir
tr id
tr lang
tr title
tr xml:lang


# tt

tt class
tt dir
tt id
tt lang
tt title
tt xml:lang


# ul
# unordered list

ul class
ul dir
ul id
ul lang
ul title
ul xml:lang


# var
# instance of a variable or program argument

var class
var dir
var id
var lang
var title
var xml:lang