W3C home > Mailing lists > Public > public-html@w3.org > May 2009

Re: HTML interpreter vs. HTML user agent

From: Maciej Stachowiak <mjs@apple.com>
Date: Sun, 31 May 2009 15:50:26 -0700
Cc: Adam Barth <w3c@adambarth.com>, Sam Ruby <rubys@intertwingly.net>, Anne van Kesteren <annevk@opera.com>, "Roy T. Fielding" <fielding@gbiv.com>, HTML WG <public-html@w3.org>
Message-id: <CE880F51-9C1D-4486-9846-C33D2B161A7B@apple.com>
To: Larry Masinter <masinter@adobe.com>

On May 31, 2009, at 7:54 AM, Larry Masinter wrote:

> About Safari's feed reader, Maciej wrote:
>
>> 2) We can also display a user-selected collection of feeds as one
>> document, again displayed as HTML.
>> 3) We don't execute any script that came from the feed in the context
>> of generated HTML document. At the very least due to point #2 this
>> would be insecure.
>> 4) We don't let any web page access the contents of the generated  
>> HTML
>> document via script.
>
> Doesn't this somehow create a "restricted HTML" which is allowed in
> a feed? The HTML in a feed can't be scripted at all? Or the scripts
> can't access the HTML of their subsection?
>
> I was wondering how HTML-in-webmail could work, since the HTML of
> the mail needs to be embedded in the HTML of the webmail client  
> itself.

Current Mail clients (and, effectively, Safari's display of HTML  
snippets from RSS or Atom) disable scripting.

>
> Where in the HTML spec is this addressed?

The HTML spec has a conformance class for "User agents with no  
scripting support" that would apply to this situation. It doesn't say  
what kinds of implementations should or should not enable scripting,  
as that may change over time.

Regards,
Maciej
Received on Sunday, 31 May 2009 22:51:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:37 GMT