[liberationtech] Concept for takedown-resistant publishing

Arturo Filastò art at globaleaks.org
Fri Feb 3 13:04:31 PST 2012


On Feb 3, 2012, at 9:35 PM, Daniel Margo wrote:

> After consulting a shower, I realized the way you would do comments is by storing them in a format that required no pre-processing (e.g. SQL sanitization) and then doing all post-processing (HTML sanitization, BBcodes, swear removal, w/e) at the client, where if they're byzantine all they affect is themselves. This is probably extensible to any data storage-and-retrieval feature where there is A. no pre-processing, and B. no more post-processing than can be realistically done at render time. That still expands the universe of possible features a good bit.
> - Daniel Margo

Yes, showers are indeed often very illuminating!

The fact is that inside of the web application what you are doing is only REST requests to a backend system.
That means that the content of the response cannot manipulate the DOM of the page, therefore you are not
worried about sanitizing data.

I illustrate this approach in a post I did on how we could in the future do crypto safely inside of browsers:
http://hellais.wordpress.com/2011/12/27/how-to-improve-javascript-cryptography/ (section DOM manipulation).

- Art.
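
The render-time post-processing discussed in this thread, as an added example that is not part of either message or of the linked post: a comment stored verbatim is fetched as JSON, HTML-escaped on the client, and only then expanded through a small BBcode whitelist. The function names, the tag whitelist and the sample response are assumptions made for illustration.

```javascript
// Added example: render-time processing of a comment that was stored verbatim.
// All names and the sample response are hypothetical / constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise every character that could open a tag, attribute or entity.
function escapeHtml(raw) {
  return String(raw).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Only absolute http(s) links survive; javascript:, data: and the like are dropped.
function safeUrl(candidate) {
  try {
    const u = new URL(candidate);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : null;
  } catch (e) {
    return null; // not a parseable absolute URL
  }
}

// Step 1: escape the raw text. Step 2: expand a small BBcode whitelist on the
// already-escaped text, so the only markup in the output is markup built here.
function renderComment(raw) {
  let html = escapeHtml(raw);
  html = html.replace(/\[b\]([\s\S]*?)\[\/b\]/g, '<strong>$1</strong>');
  html = html.replace(/\[i\]([\s\S]*?)\[\/i\]/g, '<em>$1</em>');
  return html.replace(/\[url=([^\]\s]+)\]([\s\S]*?)\[\/url\]/g, (m, href, label) => {
    const url = safeUrl(href.replace(/&amp;/g, '&')); // undo step 1 before parsing
    return url ? `<a href="${escapeHtml(url)}" rel="nofollow noopener">${label}</a>` : label;
  });
}

// Constructed sample of a backend response: the body is exactly what was submitted.
const sampleResponse = JSON.stringify({
  author: 'mallory',
  body: '[b]hi[/b] <img src=x onerror=alert(1)> [url=javascript:alert(1)]click[/url] ' +
        '[url=https://example.org/?a=1&b=2]ok[/url]',
});

// The client parses the JSON as data and produces the markup itself.
function renderResponse(jsonText) {
  const { author, body } = JSON.parse(jsonText);
  return `<p><cite>${escapeHtml(author)}</cite>: ${renderComment(body)}</p>`;
}

console.log(renderResponse(sampleResponse));
```

The order matters: expanding BBcode before escaping would escape the generated tags too, and escaping after a permissive expansion would let stored markup through.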

