W3C provides insecurity?

BlackSheep
My Security Planet
FuckTheSpam!
Redir.tv
Projects
Grabber
PHP-Ast/Oracle
Resume

Last comments

PHP, variable variables, oh my! - Romain
PHP, variable variables, oh my! - Toya Kyte
PHP, variable variables, oh my! - Toya Kyte
PHP, variable variables, oh my! - MaXe
PHP, variable variables, oh my! - Romain
PHP, variable variables, oh my! - briedis
PHP, variable variables, oh my! - Trikisatan
PHP, variable variables, oh my! - Haris
PHP, variable variables, oh my! - PingPong
PHP, variable variables, oh my! - Toya Kyte
PHP, variable variables, oh my! - Will
Dissection of a SQL injection challenge - Romain
Dissection of a SQL injection challenge - Miroslav Stampar
Scalp: apache log based attack analyzer - spirit
Scalp: apache log based attack analyzer - Tim
PyQt and WebKit integration: unexpected limitation [fixed] - Richard
IE6 And IE7 don't have compatible CSS tricks - diyism
Scalp 0.4: apache log based attack analyzer, updated - romain
Scalp 0.4: apache log based attack analyzer, updated - jacke
When CAPTCHA fails... - C++ Tester Tools

Last entries

PHP, variable variables, oh my!
Dissection of a SQL injection challenge
WASC Threat Classification 2 - Wordle
Yes, we need a standard to evaluate SAST, but it ain't easy...
Data driven factory: I give you data, you give me an object...
NIST Static Analysis Tool Exposition special publication released
HTML 5 current browsers implementation support
SHA-3 reference implementations buffer overflows
When CAPTCHA fails...
CIA spamming security groups: Be a part of a mission that’s larger than all of us.
SSL Fails! SSLFail.com
Every-day's CSRF: Sorry, I turned off your christmas tree lights
IE7, no Same Origin Policy when the script/file is on your file system
Internet User Privacy Values Survey
Last week at NIST
Scalp 0.4: apache log based attack analyzer, updated
PyQt and WebKit integration: unexpected limitation [fixed]
How fair should Google Search be?
And so you wanted to protect your email address on your website...
Why the "line of code" is indeed a good metric
Trie based fast and massive replacement (Algorithm)
A morning at work: Content-Disposition blocked!
Scalp: apache log based attack analyzer
My talk at SAW: Automated Evaluation of source code analyzer output
ph34r the script kiddies: Whitehouse.org
Yet another study on code quality: A Tale of Four Kernels
Static Analysis Tool Exposition is over
Oh please stop it with these ridiculous CAPTCHAs!
Accelerate the convergence to the bug: Running the test in 16-bit
Scaling MySQL db
MySQL table/field names
Untrusted websites passwords
NIST SATE step 3 completed: test cases information release
Code review: facilitate the SCA output analysis
OWASP France Chapter & OWASP Top Ten 2007 French
Code review tools: the missing link (so far)
SATE ready to go + weaknesses walker + Shmoo + 100
NIST Static Analysis Tool Exposition: No, this is not a competition!
Talk: Problems and solutions for testing web application security scanners
Definition parsing: first step done

Blog:tech

This is a simple tech blog. I am mostly interested in application security, web, technologies... but every time I can, I try to play with some other field I like such as data-mining, graph theory, compilers, languages, etc..

Contact:

By Romain Friday, March 9 2007 - 10:44 UTC - Discussion - Permalink

The W3C announced yesterday that a new Working Group was created for working on the HTML language.
I don't know if you think the same way than me about this, but for me, HTML language is such a pain in the ass for security. It allows too much things, modifications, ill-written html... With XHTML we have the opportunity to have a quite strict language which is definitely better...

Please guys, when you are doing the new HTML think with security in mind, thanks.

Last comments

Last entries

Blog:tech

Tags

Categories

Links

Web Security

General Sec.

Other

W3C provides insecurity?