procrastination diagram

new code paranoia

Inspired by Simon Willison's code to HTMLify user input, converting URLs into links, I wrote a hundred lines of Python today, intending to drop them into the comment system. Only problem is, having written it, I don't trust it. I know there are bugs in there, code being code. Because I don't know, specifically, what those bugs are, much less understand their implications, I am reluctant to actually deploy the code.

As it happens, my first feelings of mistrust are fading as time passes... but I think I need to figure out whether this is because I'm deciding that the potential problems are not that great or because I'm already distancing myself from the code while shoveling snow and playing Mario Kart.

Basically, you can class the potential problems thusly:

  1. Bugs that allow a malicious attacker to execute code of their choice on my system. (extremely unlikely)
  2. Bugs that allow a malicious attacker to cause viewers' browsers to execute code (javascript) on their system. (unlikely, I think)
  3. Bugs that produce ugly comments. (likely)

Certainly the issues are weighted towards the latter, but the first two issues are sufficiently serious or embarrassing that I think I need to let the issue simmer for a while.
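An added example, not the code described in this post or Simon Willison's: a minimal escape-first linkifier with a structural check for the second class of bug, run over constructed hostile fragments. The names `htmlify`, `is_inert` and `fuzz`, the http(s)-only rule and the `rel="nofollow"` attribute are all assumptions made for the illustration.

```python
import html
import random
import re

# Assumption: only http(s) URLs are linked; other schemes stay escaped text.
URL_RE = re.compile(r"""https?://[^\s<>"']+""")
TRAILING = ".,;:!?)"  # sentence punctuation that should not end up in a link

def htmlify(text):
    """Escape user text for HTML and turn http(s) URLs into links."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(TRAILING)
        out.append(html.escape(text[pos:m.start()], quote=True))
        safe = html.escape(url, quote=True)  # '&' becomes '&amp;' in href too
        out.append(f'<a href="{safe}" rel="nofollow">{safe}</a>')
        pos = m.start() + len(url)
    out.append(html.escape(text[pos:], quote=True))
    return "".join(out).replace("\n", "<br>\n")

# The only anchor markup htmlify is allowed to emit.
ANCHOR_RE = re.compile(r'<a href="https?://[^"<>\s]*" rel="nofollow">[^<>]*</a>')

def is_inert(rendered):
    """True if, once our own <a>/<br> tags are removed, no character that
    could open a tag or close an attribute is left in the output."""
    residue = ANCHOR_RE.sub("", rendered).replace("<br>", "")
    return not any(c in residue for c in "<>\"'")

def fuzz(rounds=2000, seed=0):
    """Feed constructed hostile fragments through htmlify; return failures."""
    rng = random.Random(seed)
    pieces = list("<>\"'&=/:. \n") + ["http://", "https://", "javascript:",
                                      "script", "onerror", "example.com"]
    failures = []
    for _ in range(rounds):
        s = "".join(rng.choice(pieces) for _ in range(rng.randint(0, 20)))
        if not is_inert(htmlify(s)):
            failures.append(s)
    return failures

if __name__ == "__main__":
    print(htmlify("see http://example.com/?a=1&b=2."))
    print("fuzz failures:", fuzz())
```

The check is a property over whatever the generator produces rather than a list of remembered cases, so it exercises inputs nobody thought to write down; it covers the markup-injection class only, not ugly output.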

I noticed there wasn't a test suite in the version of the module you showed me the other day; test suites, while not exhaustive, are at least good for instilling confidence...
Certainly the way it's put together (lots of little pieces)
lends itself to that approach; I haven't felt competent
enough to put together a test suite yet. The bugs are going
to be in the cases that I haven't thought of, rather than
the ones I have.
And really, I don't quite understand the malicious javascript
problem as well as I'd like to. Sadly, I'm not sure we know
anyone who does.
This work by Karl Ramm is licensed under a Creative Commons Attribution 3.0 United States License.