#microformats 2022-12-01

2022-12-01 UTC
#
btrem
edited /svg (-15) "Changes simple example to use implied name property of h-card"
#
btrem
edited /svg (+222) "Adds parsed json resulting from simple example"
[aciccarello], [jacky]1, [chrisaldrich]1 and Seirdy joined the channel
#
[tantek]
btrem++ thank you!!!
#
Loqi
btrem has 4 karma over the last year
#
[KevinMarks]
For svgshare.com I parse with html5lib and remove all script tags (I also only use img on the site, except for the upload dialogue, so anyone who uploads a script exploit only hacks themselves)
#
btrem
edited /svg (+1656) "/* Example */ Adds second example of svg with h-card markup"
gRegor, gRegorLove_, [ender]1, [snarfed]2, [manton]1, [tantek]1, IWSlackGateway1, [KevinMarks]1, [schmarty]1, strugee-, Zegnet, emery, btrem, angelo and porquilho joined the channel
tiim, IWDiscordRelay, mouse[d], [fluffy], gRegorLove_ and [jamietanna] joined the channel
#
btrem
edited /svg (-65) "/* Examples */ Removes unneeded rect element"
[eddie], gRegorLove_, gRegor and [jacky] joined the channel
#
[jacky]
I am really curious about this re: SVGs b/c I've been learning more about them and would like to move to use them as much as I can on my site
#
[jacky]
it looks like SVGTiny would take out scripting as an option! https://www.w3.org/TR/SVGTiny/#sec-scripting
#
[jacky]
but could it be re-enabled via embedded metadata? like https://www.w3.org/TR/SVGTiny/#sec-metadata and in the following header?
#
[jacky]
also would that mean that parsers that support embedded SVGs _should_ parse it under SVGTiny? I know there's no recommendation on sanitizing HTML in the mf spec
btrem joined the channel
#
[tantek]
jacky, that's a very good suggestion if I understand you correctly, to make that explicit in the mf2 parsing spec ("[mf2] parsers that support embedded SVGs _should_ parse it under SVGTiny") — can you file an issue for that? https://github.com/microformats/microformats2-parsing/issues/
#
btrem
Are there rules for parsing html that restrict elements to reduce security vulnerabilities?
#
Loqi
[aaronpk] you can put all sorts of interesting things in an SVG, things that I would be worried about republishing in a reader
#
btrem
Is this something specified by mf2 parsing rules? Or something that consumers do to protect themselves?
#
aaronpk
something that consumers do, long-standing practice even before mf2 "html sanitization"
#
btrem
Then does it make sense to specify that svg be parsed in a special way, with SVGTiny?
#
btrem
ISTM that it is up to consumers to take precautions. So maybe parsing rules should provide a general warning about republishing e.g. `h-entry`, with suggestions on how to reduce the dangers.
[hollie] and ur5us joined the channel
#
[tantek]
the idea is that parsing with/for SVGTiny is at least *a* defined method for SVG sanitization, whereas HTML sanitization is still very much custom design/code.
#
btrem
[jacky] have you filed an issue yet?
#
btrem
Whoa. I just discovered that Firefox hides images with class "u-logo". Might be an ad-block thing. On first glance, it seems worrying.
#
btrem
Wait. Maybe not. I might have jumped the gun. :/ Sorry.
#
[jacky]
btrem: not yet, /life_happens (but not in a bad way)
#
[jacky]
mainly work (union work)
#
btrem
re: my Firefox comment: the image was disappearing in a specific set of markup and css. Probably not a bug, since I saw the same effect in Firefox and Chromium. In any case, it was completely unrelated to `u-logo`.
[Murray] joined the channel