Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'd question the common XHTML talking point too, why is it the browser's job to render content that you clearly haven't even bothered to proofread?



Because it's a user agent and as the user I want it to degrade as gracefully as possible. It doesn't serve my interests to refuse to render anything just because the author of the website forgot a </b> tag somewhere. I'd rather read the text just with formatting other than what the author intended, than not read the text at all. Don't punish me for someone else's typo.


By that logic, broken SVGs and the like should also be rendered leniently. That doesn’t make any sense.

If HTML had been strictly schema-validated from the start, nobody would be arguing for this.

It’s certainly true that HTML being parsed leniently helped in it being picked up by amateur website authors in the early days, because they weren’t confronted with error messages (though they were confronted with “why doesn’t this render as I expect” instead). But that has little to do with user expectations by browser users.


I'm just baffled about how this hypothetical scenario would even happen.

Did the author of the website never try rendering the page themself before pushing it to live?

If user-generated content is able to trigger this then you have have an XSS vulnerability on your hands, strict validation or not.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: