W3C home > Mailing lists > Public > public-html@w3.org > June 2011

Re: Should script execution be allowed in designMode documents?

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 30 Jun 2011 16:44:17 -0400
Message-ID: <4E0CE021.5000107@mit.edu>
To: Aryeh Gregor <Simetrical+w3c@gmail.com>
CC: HTML WG <public-html@w3.org>
On 6/30/11 4:24 PM, Aryeh Gregor wrote:
> Personally, I think the restriction makes no sense at all.

That's because you're presupposing what people are using HTML editors 
for, I think.

> Is there any reason in favor of the status quo other than possibly compat

Maybe.  See below.

> (which can't be a huge deal if Chrome hasn't seen issues)

Have they not?  When did they change the behavior from the one seen in 
Safari 5?

> I can't fathom why it was ever this way to begin with.

For one thing because in the context of a wysiwyg HTML editor (think 
something like an authoring tool, as opposed to a wysiwyg pretty text 
editor that happens to use HTML as its data representation but hides it 
completely) it makes no sense to run the scripts as the author authors them.

In Gecko's case, whole-document designMode is based on code written to 
support the former use case (the old suite's HTML editor, in particular).

contenteditable, on the other hand, is clearly a "take this bit of 
pretty text and let the user play with it" use case, not a "create an 
HTML document possibly with some attached behavior" use case....

Received on Thursday, 30 June 2011 20:44:54 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:16:14 UTC