HackerTrans
トップ新着トレンドコメント過去質問紹介求人

EmilStenstrom

755 カルマ登録 16 年前

投稿

JustHTML 3.0.0: A new HTML5 parser architecture

friendlybit.com
1 ポイント·投稿者 EmilStenstrom·21 日前·0 コメント

Software Bonkers

craigmod.com
2 ポイント·投稿者 EmilStenstrom·4 か月前·1 コメント

JustHTML 1.0.0 Released

github.com
1 ポイント·投稿者 EmilStenstrom·6 か月前·1 コメント

Cross-site Scripting-benchmark of Python sanitizers against real browsers

github.com
4 ポイント·投稿者 EmilStenstrom·6 か月前·1 コメント

I wrote JustHTML using coding agents

friendlybit.com
1 ポイント·投稿者 EmilStenstrom·7 か月前·0 コメント

Show HN: JustHTML – A pure Python HTML5 parser that just works

github.com
6 ポイント·投稿者 EmilStenstrom·7 か月前·2 コメント

コメント

EmilStenstrom
·一昨日·議論
The reason novelty matters for mathematics is that they strictly deduplicate all claims. If someone claim they proved something that we already knew was solved, than that wouldn't be considered novelty. Novelty and deduplication is the combo here. This is not true for blog posts.
EmilStenstrom
·18 日前·議論
There's something unnerving about this blog post.

Paraphrasing: "The world's top security researches and AI labs are pouring all their VC money into finding as many security issues in curl as possible". At the same time, we know that curl is run by volunteers that needs to handle all of this. I'm not saying that we shouldn't do security review of open source libraries, just saying that this situation puts a lot of pressure on the maintainers.

The second unnerving thing is that many of the listed vulnerabilites target embedded libcurl; a library with a much slower update cycle. I'm guessing that many of the listed bugs are still in active use, inside the thousands of applications that use curl internally. Another tricky situation.

Both of these stand in contrast to the posts "braggy" style of "we found the most vulnerabilities of all!!!".
EmilStenstrom
·2 か月前·議論
Here's a free, fact-packed, breakdown on both smoking and "snus" in Sweden: https://www.folkhalsomyndigheten.se/the-public-health-agency...

Numbers are from 2024, but smoking was at 5.4%, and snus at 15.7%.
EmilStenstrom
·3 か月前·議論
I somehow find the concept of a general time series model strange. How can the same model predict egg prices in Italy, and global inflation in a reliable way?

And how would you even use this model, given that there are no explanations that help you trust where the prediction comes from…
EmilStenstrom
·3 か月前·議論
Here is the link to the blogpost, that actually describe what this is: https://github.com/google-research/timesfm?tab=readme-ov-fil...
EmilStenstrom
·4 か月前·議論
"Simply put: It’s a big mess, and no off-the-shelf accounting software does what I need. So after years of pain, I finally sat down last week and started to build my own. It took me about five days. I am now using the best piece of accounting software I’ve ever used."
EmilStenstrom
·5 か月前·議論
Doesn't matter which one. All of them can do things like this now, given a good enough feedback loop. Which your problem has.
EmilStenstrom
·6 か月前·議論
Added features since initial release:

- Bleach-like sanitization feature built in and enabled by default

- Transforms API for simple HTML mutations

- Rewamped docs

- Playground powered by PyOdide (thanks for the idea simomw!)
EmilStenstrom
·6 か月前·議論
I see that the blog post is mentioning not finding the web100k dataset, it's here: https://github.com/EmilStenstrom/web100k
EmilStenstrom
·6 か月前·議論
As the author, it's a stretch to say that JustHTML is a port of html5ever. While you're right that this was part of the initial prompt, the code is very different, which is typically not what counts as "port". Your mileage may wary.
EmilStenstrom
·6 か月前·議論
To see the actual errors, just paste your HTML here and see: https://emilstenstrom.github.io/justhtml/playground/ - any parsing errors show up below the input box.

Some tags do require ending tags, others do not. Personally I find it hard to remember which ones, so I just close things out of caution. That way you’re always spec-correct.
EmilStenstrom
·6 か月前·議論
Data driven test suites are really good for building trust in a library. Both the html5lib-tests suite and my recent xss-bench are examples of this!
EmilStenstrom
·6 か月前·議論
The reason for this was to be able to build trust in the new sanitization features of my other project: https://friendlybit.com/python/justhtml-sanitization/
EmilStenstrom
·7 か月前·議論
Thanks for flagging this. Found multiple errors that are now fixed:

- The quoted test comes from justhtml-tests, a custom test suite added to make sure all parts of the algorithm are tested. It is not part of html5lib-tests.

- html5lib-tests does not support control characters in tests, which is why some of the tests in justhtml-tests exist in the first place. In my test suite I have added that ability to our test runner to make sure we handle control character correctly.

- In the INCOMING HTML block above, we are not printing control characters, they get filtered away in the terminal

- Both the treebuilder and the tokenizer are outputting errors for the found control character. None of them are in the right location (at flush instead of where found), and they are also duplicate.

- This being my own test suite, I haven't specified the correct errors. I should. expected-doctype-but-got-start-tag is reasonable in this case.

All of the above bugs are now fixed, and the test suite is in a better shape. Thanks again!
EmilStenstrom
·7 か月前·議論
I've checked the numbers for html5lib, and they are correct. They are skipping a load of tests for many different reasons, one being that namespacing of svg/math fragments are not implemented. The 88% number listed is correct.
EmilStenstrom
·7 か月前·議論
Excellent feedback. I'll have a look at the running of html5lib tests again.
EmilStenstrom
·7 か月前·議論
Hi! The expected errors are not standardized enough for it to make sense to enable --check-errors by default. If you look at the readme, you'll see that the only thing they're checking is that the _numbers of errors_ are correct.

That said, the example you are pulling our out does not match that either. I'll make sure to fix this bug and other like it! https://github.com/EmilStenstrom/justhtml/issues/20
EmilStenstrom
·7 か月前·議論
I think the reason this was an evening project for Simon is based on both the code and the tests and conjunction. Removing one of them would at least 10x the effort is my guess.
EmilStenstrom
·7 か月前·議論
The other way around works as well! ”Get me to 100% test coverage using only integration tests” is a fun prompt!
EmilStenstrom
·7 か月前·議論
My feeling is that my code depends more on the html5lib-tests work than on html5ever. While inspired by, I think the macro-based Rust code is different enough from the source so that its new work. I’m guessing we’ll never know.