Different kinds of validation?
Posted Sep 24, 2025 7:46 UTC (Wed) by taladar (subscriber, #68407)
In reply to: Different kinds of validation? by farnz
Parent article: Tracking trust with Rust in the kernel
Posted Sep 25, 2025 9:16 UTC (Thu)
by farnz (subscriber, #17727)
So <em>Microsoft® notice:</em>: please update your credentials in <a href="https://phishing-site.example.com">our new identity system</a> is a valid HTML string, preserving all the invariants you need preserved (balanced tags, valid tags, entity escaping etc). However, if it came from a template file, it's untrusted (in the sense of Untrusted<&HtmlStr>), and needs validation before you treat it in the same way as HTML generated by your application.
Contrast impl TryFrom<&str> for HtmlStr<'_>, where you're saying that the input is a string, and it might, or might not, be valid HTML, but you need to do work to confirm that it is valid. Different problem - "this might not be valid HTML", as opposed to "this is definitely valid HTML, but the source might not be trustworthy".
Untrusted deals with the problem of "this is a valid HTML string that preserves soundness-relevant invariants and has the correct structure for HTML, but the contents of this string may not meet other invariants", like "does not contain the English word 'Administrator'".
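The two layers described in the comment above, as an added example that is not part of the thread or of the kernel patches under discussion. `HtmlStr` here checks only tag balance, `Untrusted` is a simplified stand-in wrapper, and `only_first_party_links`, `load_template` and the `https://example.org/` origin are assumptions made for illustration.

```rust
// Added illustration; HtmlStr, Untrusted and both checks are simplified stand-ins.
use std::convert::TryFrom;

/// Structurally valid HTML (only "tags are balanced" is checked here).
#[derive(Debug, PartialEq)]
pub struct HtmlStr<'a>(&'a str);

impl<'a> TryFrom<&'a str> for HtmlStr<'a> {
    type Error = &'static str;
    // Layer 1: "this might not be valid HTML".
    fn try_from(s: &'a str) -> Result<Self, Self::Error> {
        let mut open: Vec<&str> = Vec::new();
        let mut rest = s;
        while let Some(lt) = rest.find('<') {
            let gt = rest[lt..].find('>').ok_or("unterminated tag")? + lt;
            let tag = &rest[lt + 1..gt];
            if let Some(name) = tag.strip_prefix('/') {
                if open.pop() != Some(name) { return Err("unbalanced tag"); }
            } else {
                open.push(tag.split_whitespace().next().ok_or("empty tag")?);
            }
            rest = &rest[gt + 1..];
        }
        if open.is_empty() { Ok(HtmlStr(s)) } else { Err("unclosed tag") }
    }
}

/// Layer 2: the value is valid, but its source is not trusted.
/// The only way to get the inner value out is through `validate`.
pub struct Untrusted<T>(T);

impl<T> Untrusted<T> {
    pub fn new(value: T) -> Self { Untrusted(value) }
    pub fn validate<E>(self, policy: impl FnOnce(&T) -> Result<(), E>) -> Result<T, E> {
        policy(&self.0)?;
        Ok(self.0)
    }
}

/// Constructed policy: every link must point at a hypothetical first-party origin.
pub fn only_first_party_links(html: &HtmlStr<'_>) -> Result<(), &'static str> {
    let ok = html.0.split("href=\"").skip(1).all(|r| r.starts_with("https://example.org/"));
    if ok { Ok(()) } else { Err("link to foreign origin") }
}

pub fn load_template(raw: &str) -> Result<HtmlStr<'_>, &'static str> {
    let html = HtmlStr::try_from(raw)?; // validity: is it HTML at all?
    Untrusted::new(html).validate(only_first_party_links) // trust: is the content acceptable?
}
```

The string quoted in the comment passes `HtmlStr::try_from` and is rejected only by the policy in `validate`, which is the split the comment describes.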