W3C home > Mailing lists > Public > public-html@w3.org > March 2011

[Bug 12235] New: Make <xmp> conforming

From: <bugzilla@jessica.w3.org>
Date: Fri, 04 Mar 2011 02:46:18 +0000
To: public-html@w3.org
Message-ID: <bug-12235-2495@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12235

           Summary: Make <xmp> conforming
           Product: HTML WG
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: Simetrical+w3cbug@gmail.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


The HTML parser supports <xmp> to suppress parsing of content.  This would be
really useful when writing up sample HTML markup by hand, like in specs.  I
hate having to write &lt;b>Foo&lt;/b> and so on, I always do it really slowly
and make mistakes.  <xmp> should be added as having identical semantics to
<pre>, but with special parsing behavior.  Obviously, it wouldn't work the same
in XML, just like <script> and so on.

The obvious issue with <xmp> is authors might use it to automatically wrap user
input, which stops inadvertent XSS but won't protect against a malicious
attack.  But it's a pretty obscure element, and I don't expect making it valid
will make it so much more popular that authors will create many extra XSS
vulnerabilities because of it.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Friday, 4 March 2011 02:46:20 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:23 UTC