annotate mod_xhtmlim/README.markdown @ 5796:93d6e9026c1b

mod_http_oauth2: Do not enforce PKCE on Device and OOB flows PKCE does not appear to be used with the Device flow. I have found no mention of any interaction between those standards. Since no data is delivered via redirects in these cases, PKCE may not serve any purpose. This is mostly a problem because we reuse the authorization code to implement the Device and OOB flows.
author Kim Alvefur <zash@zash.se>
date Fri, 15 Dec 2023 12:10:07 +0100
parents 1f68287138e3
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2865
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 Introduction
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2 ============
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4 This module attempts to sanitize XHTML-IM messages.
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5
3699
1f68287138e3 mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents: 2865
diff changeset
6 It does **not** attempt to sanitize any CSS embedded in `style`
1f68287138e3 mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents: 2865
diff changeset
7 attributes, these are instead stripped by default.
1f68287138e3 mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents: 2865
diff changeset
8
2865
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 Configuration
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 =============
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 Option Type Default
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13 ------------------------ --------- ---------
3699
1f68287138e3 mod_xhtmlim: Default to stripping @style attribute by default
Kim Alvefur <zash@zash.se>
parents: 2865
diff changeset
14 `strip_xhtml_style` boolean `true`
2865
f6ed4421167d mod_xhtmlim: Attempts to sanitize XMTML-IM messages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 `bounce_invalid_xhtml` boolean `false`