summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorGravatar Adam Chlipala <adam@chlipala.net>2010-12-11 19:57:22 -0500
committerGravatar Adam Chlipala <adam@chlipala.net>2010-12-11 19:57:22 -0500
commit6cd100d1ca2603d57ffd6a05763ca2de18554a97 (patch)
treee036e8f26e4cddc79884b0cd619223e22ea5b4f5 /doc
parentf327681cc734f2b478051f0174ca9d980ff2e5ae (diff)
Warn about XHTML looseness
Diffstat (limited to 'doc')
-rw-r--r--doc/manual.tex2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/manual.tex b/doc/manual.tex
index 68e0b10c..e48c2648 100644
--- a/doc/manual.tex
+++ b/doc/manual.tex
@@ -1819,7 +1819,7 @@ $$\begin{array}{l}
\subsection{XML}
-Ur/Web's library contains an encoding of XML syntax and semantic constraints. We make no effort to follow the standards governing XML schemas. Rather, XML fragments are viewed more as values of ML datatypes, and we only track which tags are allowed inside which other tags.
+Ur/Web's library contains an encoding of XML syntax and semantic constraints. We make no effort to follow the standards governing XML schemas. Rather, XML fragments are viewed more as values of ML datatypes, and we only track which tags are allowed inside which other tags. The Ur/Web standard library encodes a very loose version of XHTML, where it is very easy to produce documents which are invalid XHTML, but which still display properly in all major browsers. The main purposes of the invariants that are enforced are first, to provide some documentation about the places where it would make sense to insert XML fragments; and second, to rule out code injection attacks and other abstraction violations related to HTML syntax.
The basic XML type family has arguments respectively indicating the \emph{context} of a fragment, the fields that the fragment expects to be bound on entry (and their types), and the fields that the fragment will bind (and their types). Contexts are a record-based ``poor man's subtyping'' encoding, with each possible set of valid tags corresponding to a different context record. The arguments dealing with field binding are only relevant to HTML forms.
$$\begin{array}{l}