[Bug 28326] New: Remove isindex parsing logic

https://www.w3.org/Bugs/Public/show_bug.cgi?id=28326

            Bug ID: 28326
           Summary: Remove isindex parsing logic
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec
          Assignee: dave.null@w3.org
          Reporter: travil@microsoft.com
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-admin@w3.org,
                    public-html-wg-issue-tracking@w3.org

The purpose of this bug is to drive consensus on whether the special-case
isindex parsing logic should be removed from the HTML spec.

In [1] we see the discussion and ensuing removal of this logic from Google's
Blink engine (affecting two user agents).

Most recently, in Microsoft's Project Spartan, we've followed Blink's lead for
interop. It's too early for us to tell the effect on our compatibility that
this will have. Now we will have two browser engines not supporting the
parser's fix-up logic. I'd like to see at least Firefox join us and get the
spec updated to remove this special case logic to legitimize these recent
changes. If not, perhaps there is good reason to keep the spec as-is, and
possible reverse Project Spartan's recent decision.

Reasons to remove:
* I've heard that XSS bypass attacks are more easily possible (the original
concern for the Blink removal).
* Very little usage of the legacy tag (isindex).

Reasons to keep
* Compatibility with early HTML

[1]
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/14q_I06gwg8/0a3JI0kjbC0J

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Tuesday, 24 March 2015 19:37:26 UTC