This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
A highly necessary function of the validator no longer works. My students work on password protected Web sites. I check their uploaded files with the W3 validator. Since the checker no longer validates password protected URLs, it is no longer feasible for me to check their work for invalid code. Like you, I want to encourage my students - the XHTML and XML programmers of tomorrow - to use your specifications and write valid code. But you also know, that "trusting" the students to submit valid code for grading will not support this practice. Ultimately, I would have to eliminate this checking process from my instructional method. For a teacher at a community college, the validator is the cop at the traffic light. I'd like to trust all my students to always follow lawful driving practices. But, if not, I need the ability to give them a ticket. I can only do this if I can validate code that the students publish within the safety of our password protected area of our college Web.
I think the configuration of your web server changed, your example document returns something like % http-head http://tblankenbeckler.southwest.tn.edu/itec2010127 HTTP/1.1 401 Access Denied Server: Microsoft-IIS/5.0 Date: Fri, 18 Jun 2004 23:22:26 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="tblankenbeckler.southwest.tn.edu" Connection: close Content-Length: 4431 WWW-Authenticate: Digest qop="auth", realm="tblankenbeckler.southwest.tn.edu", nonce="74f94ebb7cc80878022421200000268fa9a864190960eec3d519679f88e1" Content-Type: text/html and the Validator gets confused by the multiple WWW-Authenticate headers. It seems the code was never prepared to handle this properly.
Looking at the code, there are a number of flaws, ... $authHeader =~ s( realm=([\'\"])?([^\1]+)\1){ realm="$realm-$2"}; ... This cannot work as expected as the \1 is not evaluated inside the [^...], the next flaw is ... <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> <html lang="en" xml:lang="en"> ... I removed the xml:lang="en" as it is not allowed in HTML 4.01, then ... <p> The URL you specified, <<a href="$resource">$resource</a>>, returned a 401 "authorization required" response when I tried to download it. </p> ... $resource must be passed to ent(...) so that special characters get escaped.
I have added some code to deal with multiple WWW-Authenticate headers to CVS. Unfortunately I cannot test this in a too wide range of situations, but the usual basic authentication cases still work for me. jmcgrory, we have a test version up at http://validator.w3.org:8001/ containing the new code. Could you test that and report back if it fixes the problem or not? Thanks in advance!
Yes! It works! Thank you also for adding the http://validator.w3.org:8001/ to the successful validation code. Thank you so much for resolving this problem. In doing so, you have made it feasible for me to check the work of my students and to enforce valid practice in their coding. Additionally, my students have enjoyed participating in this resolution process. They were impressed that at the speed and professionalism with which the W3C (and the Web community) responded to the problem. Thanks again. I consider this item resolved.
Thanks for the confirmation. This fix will be included in the next release of the validator. In the meantime, you can continue to use the :8001 version, but please keep in mind that it is not a production release, and that as soon as the next production one is out, it is recommended to switch to the "normal" version running at http://validator.w3.org/ (port 80).
Although this bug was resolved a few weeks ago, it is now incorrectly disabled. It is absolutely essential that my students - who work on a password protected area of the server - be capable of validating their code from the Web server by adding the following code to each page: <a href="http://validator.w3.org:8001/check?uri=referer"> <img src="../images/XHTML11_logo.gif" alt="Valid XHTML 1.1!" height="31" width="88" /> </a> If we can't validate from a password protected server - which was possible but now is not - then these processes cannot be taught to our future Web developers. I was so impressed by your help. As a class, we were all impressed by your responsiveness. We need you to continue to support this validation code.
Nevermind - thank you - I see that you moved this into production and so the traditional validation code works. Thank you! So sorry for my compliant - this is resolved! <p> <a href="http://validator.w3.org/check?uri=referer"> <img src="../images/XHTML11_logo.gif" alt="Valid XHTML 1.1!" height="31" width="88" /> </a> </p>
the service on :8001 is working again... But by all means, keep using the production service, which should be more stable. Thanks,
Although the problem was once corrected, the problem has reoccured. The problem as described below is also apparent in the CSS validator. Please help! My students and I must have a resolution of this problem!