sanitizing and balancing

The modules available to filter HTML -- HTML::Scrubber, HTML::Sanitizer -- are missing what, to me, is a very important feature: enforcing tag balance. Those of us writing portal-style snippet-editing stuff often need to make sure that open tags match close tags, at the very least. Ideally, proper nesting would be enforced (and munged in by the filter itself).

Tag balance and proper nesting matter for two reasons: browsers often do odd, ugly and non-intuitive things to layout in the presence of unbalanced tags; and it is sometimes convenient to store snippets in x(ht)ml contexts, and forcing proper tag semantics on input removes the need to escape data in these kinds of systems. I have a hacked-up filter/balancer based on HTML::TreeBuilder. It works okay, is in the XML::Comma svn repository, and could be released with our next production version. But it would perhaps be nice to not impose yet-another-HTML-filter on the world, and to extend one of the existing offerings in this direction. So my question is, why don't other folks seem to care about this feature as much as we do -- what are we missing?

I do notice that perlmonks does some auto-balancing in posts (although not quite the same way I would). I did a bit of poking around at the Everything site, and it looks like the filter modules are not separate CPAN entities.

Comment on sanitizing and balancing

Replies are listed 'Best First'.
Re: sanitizing and balancing by Tanktalus (Canon) on May 02, 2005 at 16:38 UTC
Tag balancing is a feature (requirement) of XML, not HTML. You want an XML module if you are parsing XML, but if you're parsing HTML (as in, the HTML that you may get from an arbitrary site over which you have no control), you need the HTML modules. If your documents are well-formed, then I would suggest XML::Twig. I use XML::Twig for doing things such as taking HTML tables, copying the header, and reinserting it every 5th or 10th or whatever-th row such that, in long tables, you don't need to go back to the top of the screen to find it. And to alternate background colours on rows (setting the class attribute to "odd" or "even", and letting CSS actually do the colouring). But, if a user over which you have no control will send you text in a form, you're probably better off assuming that they may not balance their tags.	[reply]

Replies are listed 'Best First'.

Re: sanitizing and balancing
by Tanktalus (Canon) on May 02, 2005 at 16:38 UTC

Tag balancing is a feature (requirement) of XML, not HTML. You want an XML module if you are parsing XML, but if you're parsing HTML (as in, the HTML that you may get from an arbitrary site over which you have no control), you need the HTML modules.

If your documents are well-formed, then I would suggest XML::Twig. I use XML::Twig for doing things such as taking HTML tables, copying the header, and reinserting it every 5th or 10th or whatever-th row such that, in long tables, you don't need to go back to the top of the screen to find it. And to alternate background colours on rows (setting the class attribute to "odd" or "even", and letting CSS actually do the colouring).

But, if a user over which you have no control will send you text in a form, you're probably better off assuming that they may not balance their tags.

[reply]