[WEB SECURITY] Repository of site URL structures?

Chris Weber chris at casabasecurity.com
Tue Jun 21 15:09:23 EDT 2011

Hi Andres,

> -----Original Message-----
> From: Andres Riancho [mailto:andres.riancho at gmail.com]
> Sent: Tuesday, June 21, 2011 11:59 AM
> To: Chris Weber
> Cc: websecurity at lists.webappsec.org
> Subject: Re: [WEB SECURITY] Repository of site URL structures?
> Chris,
> On Tue, Jun 21, 2011 at 2:49 PM, Chris Weber <chris at casabasecurity.com>
> wrote:
> > What are you trying to do Robert?  I've been amassing a list of URIs
> > and IRIs for testing purposes, you can check it out here:
> >
> > https://github.com/cweb/iri-tests/blob/master/tests.xml
> Awesome stuff :) Quick question, how do you know what's the real expected
> result? For example in:

That's an important question isn't it :) Please ignore the <expected> stuff
for now, it's in flux.  Webkit has its own idea of what's expected, so some
of it comes from there, others of it come from  the RFCs.  But it's still
questionable why Webkit chose it's expected results.   I'm planning to keep
Webkit's expected result for now, and considering basing the expected result
on the majority browser implementation, which means more testing and data
collection first.


More information about the websecurity mailing list