|Subject:||Broken HTML parsing|
The HTML "parser" in lib/Net/OpenID/Consumer.pm function _find_semantic_info assumes that every document has a <head> start tag and a </head> end tag. As a result, it fails to parse perfectly valid HTML documents with the following error message: "Couldn't find OpenID servers due to no head tag." This is a serious violation of the HTML standard. It also assumes that the body starts with a <body> tag, which seems not to cause immediate problems, however. But it makes the defence agains injecting a HTML code less reliable. The module should probably use HTML::Parser, not a broken homebrew ad-hoc parser.