HackerTrans
TopNewTrendsCommentsPastAskShowJobs

EmilStenstrom

755 karmajoined 16 lat temu

Submissions

JustHTML 3.0.0: A new HTML5 parser architecture

friendlybit.com
1 points·by EmilStenstrom·21 dni temu·0 comments

Software Bonkers

craigmod.com
2 points·by EmilStenstrom·4 miesiące temu·1 comments

JustHTML 1.0.0 Released

github.com
1 points·by EmilStenstrom·6 miesięcy temu·1 comments

Cross-site Scripting-benchmark of Python sanitizers against real browsers

github.com
4 points·by EmilStenstrom·6 miesięcy temu·1 comments

I wrote JustHTML using coding agents

friendlybit.com
1 points·by EmilStenstrom·7 miesięcy temu·0 comments

Show HN: JustHTML – A pure Python HTML5 parser that just works

github.com
6 points·by EmilStenstrom·7 miesięcy temu·2 comments

comments

EmilStenstrom
·przedwczoraj·discuss
The reason novelty matters for mathematics is that they strictly deduplicate all claims. If someone claim they proved something that we already knew was solved, than that wouldn't be considered novelty. Novelty and deduplication is the combo here. This is not true for blog posts.
EmilStenstrom
·18 dni temu·discuss
There's something unnerving about this blog post.

Paraphrasing: "The world's top security researches and AI labs are pouring all their VC money into finding as many security issues in curl as possible". At the same time, we know that curl is run by volunteers that needs to handle all of this. I'm not saying that we shouldn't do security review of open source libraries, just saying that this situation puts a lot of pressure on the maintainers.

The second unnerving thing is that many of the listed vulnerabilites target embedded libcurl; a library with a much slower update cycle. I'm guessing that many of the listed bugs are still in active use, inside the thousands of applications that use curl internally. Another tricky situation.

Both of these stand in contrast to the posts "braggy" style of "we found the most vulnerabilities of all!!!".
EmilStenstrom
·2 miesiące temu·discuss
Here's a free, fact-packed, breakdown on both smoking and "snus" in Sweden: https://www.folkhalsomyndigheten.se/the-public-health-agency...

Numbers are from 2024, but smoking was at 5.4%, and snus at 15.7%.
EmilStenstrom
·3 miesiące temu·discuss
I somehow find the concept of a general time series model strange. How can the same model predict egg prices in Italy, and global inflation in a reliable way?

And how would you even use this model, given that there are no explanations that help you trust where the prediction comes from…
EmilStenstrom
·3 miesiące temu·discuss
Here is the link to the blogpost, that actually describe what this is: https://github.com/google-research/timesfm?tab=readme-ov-fil...
EmilStenstrom
·4 miesiące temu·discuss
"Simply put: It’s a big mess, and no off-the-shelf accounting software does what I need. So after years of pain, I finally sat down last week and started to build my own. It took me about five days. I am now using the best piece of accounting software I’ve ever used."
EmilStenstrom
·5 miesięcy temu·discuss
Doesn't matter which one. All of them can do things like this now, given a good enough feedback loop. Which your problem has.
EmilStenstrom
·6 miesięcy temu·discuss
Added features since initial release:

- Bleach-like sanitization feature built in and enabled by default

- Transforms API for simple HTML mutations

- Rewamped docs

- Playground powered by PyOdide (thanks for the idea simomw!)
EmilStenstrom
·6 miesięcy temu·discuss
I see that the blog post is mentioning not finding the web100k dataset, it's here: https://github.com/EmilStenstrom/web100k
EmilStenstrom
·6 miesięcy temu·discuss
As the author, it's a stretch to say that JustHTML is a port of html5ever. While you're right that this was part of the initial prompt, the code is very different, which is typically not what counts as "port". Your mileage may wary.
EmilStenstrom
·6 miesięcy temu·discuss
To see the actual errors, just paste your HTML here and see: https://emilstenstrom.github.io/justhtml/playground/ - any parsing errors show up below the input box.

Some tags do require ending tags, others do not. Personally I find it hard to remember which ones, so I just close things out of caution. That way you’re always spec-correct.
EmilStenstrom
·6 miesięcy temu·discuss
Data driven test suites are really good for building trust in a library. Both the html5lib-tests suite and my recent xss-bench are examples of this!
EmilStenstrom
·6 miesięcy temu·discuss
The reason for this was to be able to build trust in the new sanitization features of my other project: https://friendlybit.com/python/justhtml-sanitization/
EmilStenstrom
·7 miesięcy temu·discuss
Thanks for flagging this. Found multiple errors that are now fixed:

- The quoted test comes from justhtml-tests, a custom test suite added to make sure all parts of the algorithm are tested. It is not part of html5lib-tests.

- html5lib-tests does not support control characters in tests, which is why some of the tests in justhtml-tests exist in the first place. In my test suite I have added that ability to our test runner to make sure we handle control character correctly.

- In the INCOMING HTML block above, we are not printing control characters, they get filtered away in the terminal

- Both the treebuilder and the tokenizer are outputting errors for the found control character. None of them are in the right location (at flush instead of where found), and they are also duplicate.

- This being my own test suite, I haven't specified the correct errors. I should. expected-doctype-but-got-start-tag is reasonable in this case.

All of the above bugs are now fixed, and the test suite is in a better shape. Thanks again!
EmilStenstrom
·7 miesięcy temu·discuss
I've checked the numbers for html5lib, and they are correct. They are skipping a load of tests for many different reasons, one being that namespacing of svg/math fragments are not implemented. The 88% number listed is correct.
EmilStenstrom
·7 miesięcy temu·discuss
Excellent feedback. I'll have a look at the running of html5lib tests again.
EmilStenstrom
·7 miesięcy temu·discuss
Hi! The expected errors are not standardized enough for it to make sense to enable --check-errors by default. If you look at the readme, you'll see that the only thing they're checking is that the _numbers of errors_ are correct.

That said, the example you are pulling our out does not match that either. I'll make sure to fix this bug and other like it! https://github.com/EmilStenstrom/justhtml/issues/20
EmilStenstrom
·7 miesięcy temu·discuss
I think the reason this was an evening project for Simon is based on both the code and the tests and conjunction. Removing one of them would at least 10x the effort is my guess.
EmilStenstrom
·7 miesięcy temu·discuss
The other way around works as well! ”Get me to 100% test coverage using only integration tests” is a fun prompt!
EmilStenstrom
·7 miesięcy temu·discuss
My feeling is that my code depends more on the html5lib-tests work than on html5ever. While inspired by, I think the macro-based Rust code is different enough from the source so that its new work. I’m guessing we’ll never know.