Perform light AMP validation #140
Milestone
Comments
|
Knowing the transforms that run, I doubt any of the transforms would make an invalid amp document particularly dangerous. Hard to guarantee that's the case, but most of them just exist to make the document less likely to behave in non-amp manners, such as executing javascript. An additional idea would be to add a transformer that strips a handful of known disallowed HTML, such as extra attention to |
twifkak
added a commit
that referenced
this issue
Oct 9, 2018
…orms. This is done as a transformer rather than in amphtml.NewDOM because it applies only for the packager, and not other uses of the transformer library. In particular, doing this in amphtml.NewDOM breaks ampBoilerplate_test.go because of amp4ads and amp4email. Fixes #140. PiperOrigin-RevId: 216250217
Closed
twifkak
added a commit
that referenced
this issue
Oct 9, 2018
…orms. This is done as a transformer rather than in amphtml.NewDOM because it applies only for the packager, and not other uses of the transformer library. In particular, doing this in amphtml.NewDOM breaks ampBoilerplate_test.go because of amp4ads and amp4email. Fixes #140. PiperOrigin-RevId: 216250217
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Transforms may have unintended effects on invalid documents. There may be cases where the SXG is fetched and served by third parties without validation. Since full validation at serve time is too expensive, it should perform some light validation; at least to verify that the document intends to be AMP.
The text was updated successfully, but these errors were encountered: