W3C home > Mailing lists > Public > public-html@w3.org > April 2008

Re: several messages about New Vocabularies in text/html

From: Henri Sivonen <hsivonen@iki.fi>
Date: Thu, 3 Apr 2008 14:17:56 +0300
Cc: "Ian Hickson" <ian@hixie.ch>, "Sam Ruby" <rubys@us.ibm.com>, public-html@w3.org, www-math@w3.org
Message-Id: <B59A0BE0-0F64-4C07-9792-45E662804BC3@iki.fi>
To: Jeff Schiller <codedread@gmail.com>

On Apr 3, 2008, at 14:00, Jeff Schiller wrote:
> At least from a parsing perspective, this 'new processing mode' that  
> Sam and others have suggested (for lack of a better term, 'XML5' ?)  
> should suck up the character stream until it finds the matching  
> closing tag.  If it _NEVER_ receives the closing tag, then it should  
> reject the entire stream, passing all the characters back to the  
> HTML5 parser.


Solutions with which different parts of the page become scripts  
depending of where you put the EOF are no good from a security point  
of view. (Already explored numerous times.)

On top of that, rewinding the stream partially is even worse from the  
implementation point of view that rewinding the stream fully as in the  
encoding sniffing case.

-- 
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/
Received on Thursday, 3 April 2008 11:18:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:14 GMT