W3C home > Mailing lists > Public > public-html@w3.org > February 2009

Re: What's the problem? "Reuse of 1998 XHTML namespace is potentially misleading/wrong"

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 11 Feb 2009 16:22:18 -0800
Message-ID: <63df84f0902111622h42318e92u95b9e46650a086fa@mail.gmail.com>
To: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Cc: Larry Masinter <masinter@adobe.com>, HTML WG <public-html@w3.org>

On Wed, Feb 11, 2009 at 3:56 PM, Lachlan Hunt <lachlan.hunt@lachy.id.au> wrote:
> * Renaming <script> to <handler>
>  - Unnecessarily renaming, effectively introduces a second element for
>    exactly the same purpose.

This is something i'd be very concerned about. I don't care that much
about the fact that there would be two elements with exactly, or
almost, the same functionality. The only downside with that would be a
little implementation hassle and maybe some author confusion.

The much bigger problem is a security concern. There are loads of
sites out there that filter out <script> elements from things like
blog comments and forum postings to avoid XSS issues. It would be a
big problem if this could be worked around by attackers by simply
using <handler> instead.

/ Jonas
Received on Thursday, 12 February 2009 00:22:53 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:42 UTC