intertwingly

It’s just data

Interoperability and XSS Mitigation
Rob Sayre: Come to think of it, we might want to standardize similar policies for restricted HTML parsing. There’s even a W3C mailing list working on this stuff. Turns out mail clients have the same issues that feed readers do. And Google Reader is just one example of a website that has this problem. Why can’t browsers borrow this policy from email clients and feed readers, and allow site authors to activate it? That way, sites wouldn’t get burned by faulty markup sanitization.

I’ve created Sanitization Rules. As it is a wiki page, free-form additions and refactorings are welcome.