Closed adactio closed 8 years ago
cramforce
commented
8 years ago @adactio The whitelist is because some rel values have semantics. Like rel=import (dangerous), rel=stylesheet (unwanted in AMP) and rel=prefetch (should probably be allowed as soon as AMP caches can correctly change them).
I'd personally prefer a blacklist, but it is extremely hard to get it correct in terms of security and it will always be eventually wrong.
We should make another scrub of the microformats list!
Gregable
commented
8 years ago As @cramforce mentioned, we are forced to approach this as a whitelist of values since some of them control client (browser) behavior and the list of such is not well-defined. Unfortunately.
If I recall correctly, I think I simply ignored these when I went through since there was no documentation on the microformats.org site about what these tags did: the links are stubs on the site with no additional documentation. They are also listed as not allowed in <link> tags. I wanted to be conservative for the above browser-behavior reason. I'm happy to add them in as well as any other non-browser-behavior values.
Space-separated values are not a problem here, though they were in the past.
Gregable
commented
8 years ago This change is live everywhere. Please reopen if you spot any issues.
The AMP validator is saying that XFN rel values like "friend met colleague" are invalid. They aren't.
I believe the validator is using the rel registry as a whitelist: http://microformats.org/wiki/existing-rel-values
XFN values are listed there. This could be the validator having issues with space separated rel values.
Related: why does the validator care about rel values at all? Why have the whitelist?