- From: Alexander Graf <a.graf@aetherworld.org>
- Date: Tue, 27 Mar 2007 14:37:41 +0200
- To: Henrik Dvergsdal <henrik.dvergsdal@hibo.no>
- Cc: public-html@w3.org
On 27.03.2007, at 14:29, Henrik Dvergsdal wrote: >> How exactly should such a control look, in your opinion? > > I think it should be rendered much like the content of an object > element, except that it should be reserved for input tools that > produce xml markup (crude text editors, WYSIWYG editors - whatever). Ok so it should be a container which will contain other tools? >> Additionally, you have to check submitted form data on the server >> side too > > I don't think so. If the content is validated by the browser > before it is sent back to the server, manual insertion etc. will > have to occur beneath the browser - at HTTP protocol level. And we > have to trust what's happening there don't we? Not at all... If the form submits via GET, all I have to do is add a parameter in the URL. You *always* have to check for valid input on the server side, else you make attacks possible... Best, Alexander Graf
Received on Tuesday, 27 March 2007 12:37:57 UTC