Experimental project
This is a sandbox project, which contains experimental code for developer use only.
Autosanitization
(The module has namespace "sr"=secure rendering for historic reasons)
For background see
- Presentation proposal: Autosanitization | DrupalCon Munich 2012
- Background paper: www.cs.berkeley.edu/~prateeks/papers/empirical-webfwks.pdf
Short description: Proper autosanitization must be
* context-stack-aware
* and mimic appropriate browser decoding
This is possible if
* we have a system to classify html context
* for each html context we have a class that knows how to sanitize, decode and encode
* for each template variable we (explicitly or implicitly) know its html context
* we do late rendering, when we know the whole context stack
This module contains a proof of concept for this.
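To make the four requirements concrete, here is an added illustration in Python (not the module's own PHP code): a minimal html-context classifier, one encoder per context class, and late rendering that applies the encoders innermost-first so the browser's decoding order undoes them. The `{{name}}` placeholder syntax, the attribute heuristics and the context names are assumptions of this example.

```python
import html
import json
import re
from urllib.parse import quote

# One encoder per html-context class. Each one reverses exactly one browser
# decoding step, so stacking them undoes the browser's decoding in order.
ENCODERS = {
    "html": html.escape,                                   # text node
    "attr": lambda v: html.escape(v, quote=True),          # quoted attribute value
    "js_string": lambda v: (json.dumps(v)[1:-1]            # JS string literal
                            .replace("'", "\\u0027")
                            .replace("<", "\\u003c")
                            .replace(">", "\\u003e")),
    "url": lambda v: quote(v, safe=""),                    # URL query/path component
}

ATTR_RE = re.compile(r'<[A-Za-z][^<>]*?\s([A-Za-z-]+)="([^"]*)$')
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

def context_stack(prefix):
    """Classify the html context at the end of the template text seen so far.
    Returns the browser's decoding layers, outermost first."""
    m = ATTR_RE.search(prefix)
    if not m:
        return ["html"]
    name, value = m.group(1).lower(), m.group(2)
    if name.startswith("on"):
        # Assumption: handler code puts the variable inside a single-quoted JS string.
        if value.count("'") % 2 == 1:
            return ["attr", "js_string"]
        raise ValueError("variable in %s outside a JS string literal" % name)
    if name in ("href", "src", "action"):
        return ["attr", "url"]
    return ["attr"]

def render(template, variables):
    """Late rendering: each variable is encoded only when its whole context
    stack is known, innermost layer first (the reverse of browser decoding)."""
    out, pos = [], 0
    for m in PLACEHOLDER.finditer(template):
        out.append(template[pos:m.start()])
        value = str(variables[m.group(1)])
        # Context comes from the literal template text, never from rendered values.
        for ctx in reversed(context_stack(template[:m.start()])):
            value = ENCODERS[ctx](value)
        out.append(value)
        pos = m.end()
    out.append(template[pos:])
    return "".join(out)
```

A variable the classifier cannot place (for example inside an event handler but outside a string literal) is rejected rather than guessed, which is the safer default for a context-aware sanitizer.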
Project information
- Created by geek-merlin on , updated
