[OpenID] Any use of <meta http-equiv="X-XRDS-Location" ...?
Martin Atkins
mart at degeneration.co.uk
Tue Jul 1 22:23:29 UTC 2008
Manger, James H wrote:
>
> Parsing HTML is not trivial so avoiding it could be worthwhile [§9.2
> “Parsing HTML documents” takes almost 60 pages of the 500 page draft
> HTML5 spec http://www.whatwg.org/specs/web-apps/current-work/#parsing].
>
While I've never really liked this fact, most OpenID implementations are
far from HTML parsers and instead impose additional restrictions above
and beyond what HTML requires, such as using an absolute URL (in
OpenID's "link" as well as X-XRDS-Location), not supporting any entity
escaping or numeric character references beyond the basic XML set, and
accepting tags that would be considered by a full HTML parser to be
commented out.
In an ideal world all of these things would use proper HTML parsers. If
that's unrealistic, which I think it is, then I'd prefer it if these
specs were more specific about how to extract the discovery tags so that
implementations have better interop and so authors know what to watch
out for. OpenID Authentication 2.0 is far from specific on how to
extract the HTML discovery information; hopefully XRDS-Simple can do better.
More information about the general
mailing list