r207392 - libclang: split out the documentation comment API
Alp Toker
alp at nuanti.com
Mon Apr 28 00:31:18 PDT 2014
On 28/04/2014 08:16, Alp Toker wrote:
> When the implementation starts to add HTML5 rules and JavaScript
> validators in libclang(!) while the basic one-liner comment parsing
> isn't yet dogfoodable due to performance issues it's worth taking a
> step back. Seriously, let's fix this.

On this point, I feel strongly that any HTML sanitizing facilities or
cross-site scripting checks should be removed from the repository.
Instead document the fact that HTML output isn't trusted and must be
sanitized before being sent to the user's browser.

As you said in your own commit log, "going over all of the HTML5 spec
requires a significant amount of time" and what's in-tree is incomplete
and insecure -- so why attempt to do it in the compiler when every web
framework in existence already has a quality implementation?

Alp.
--
http://www.nuanti.com
the browser experts