Sidewalk to Nowhere

Thoughts, musings, and ideas from brian m. carlson


  • Thoughts on XHTML and security

    One of the interesting security problems we see on the web today is how to deal with untrusted HTML. Lots of folks want to allow Markdown on their sites, or AsciiDoc or some other text format, and any of these can contain literal HTML that needs to be sanitized. The problem invariably comes down to writing a sanitizer that parses HTML in the way that everyone else parses HTML, so that a malicious user can’t provide HTML that escapes sanitization.

  • The EDITOR and VISUAL environment variables

    On most Unix systems, there are two environment variables that control the user’s choice of text editor: EDITOR and VISUAL. They have different historical purposes, but are generally interchangeable today.