
Re: XML input control

From: Alexander Graf <a.graf@aetherworld.org>
Date: Tue, 27 Mar 2007 14:37:41 +0200
Message-Id: <019D0E86-48ED-4A22-A2C2-A370C930EEEC@aetherworld.org>
Cc: public-html@w3.org
To: Henrik Dvergsdal <henrik.dvergsdal@hibo.no>


On 27.03.2007, at 14:29, Henrik Dvergsdal wrote:

>> How exactly should such a control look, in your opinion?
>
> I think it should be rendered much like the content of an object  
> element, except that it should be reserved for input tools that  
> produce xml markup (crude text editors, WYSIWYG editors - whatever).

Ok so it should be a container which will contain other tools?

>> Additionally, you have to check submitted form data on the server  
>> side too
>
> I don't think so. If the content is validated by the browser
> before it is sent back to the server, manual insertion etc. will
> have to occur beneath the browser - at HTTP protocol level. And we
> have to trust what's happening there, don't we?

Not at all... If the form submits via GET, all I have to do is add a
parameter in the URL.
You *always* have to check for valid input on the server side, else
you make attacks possible...

Best,
Alexander Graf
Received on Tuesday, 27 March 2007 12:37:57 GMT
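
The server-side check argued for in this message, as an added example that is not part of the original e-mail: a handler-side validator that re-checks XML markup arriving in a GET query string, whatever the browser control did. The field name `content`, the size limit, the element allow-list and the `example.test` URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs
from xml.parsers import expat

MAX_BYTES = 8192                              # assumed size limit
ALLOWED = {"p", "em", "strong", "ul", "li"}   # assumed element allow-list

# Constructed sample: a submission URL whose value was edited by hand.
EDITED_URL = ("https://example.test/save"
              "?content=%3Cp%3E%3Cscript%3Ex%3C%2Fscript%3E%3C%2Fp%3E")


class Rejected(ValueError):
    """Submitted markup failed a server-side check."""


def check_markup(markup: str) -> None:
    """Raise Rejected unless markup is well-formed and within the allow-list."""
    data = markup.encode("utf-8")
    if len(data) > MAX_BYTES:
        raise Rejected("too large")

    def on_start(name, attrs):
        if name not in ALLOWED:
            raise Rejected(f"element not allowed: {name}")
        if attrs:
            raise Rejected(f"attributes not allowed on: {name}")

    def on_doctype(*_):
        # Refusing DTDs rules out entity expansion and external entities.
        raise Rejected("DOCTYPE not allowed")

    parser = expat.ParserCreate("utf-8")
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise Rejected(f"not well-formed: {exc}") from None


def validate_get_submission(url: str, field: str = "content") -> str:
    """Return the validated markup carried in a GET form submission URL."""
    values = parse_qs(urlsplit(url).query).get(field, [])
    if len(values) != 1:
        raise Rejected("expected exactly one value")
    check_markup(values[0])
    return values[0]
```

The same `check_markup` call applies unchanged to a POST body, since the check depends only on the received value and not on how it was sent.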
