- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 19 Oct 2011 16:12:45 +0900
- To: "public-script-coord@w3.org" <public-script-coord@w3.org>
I just noticed https://bugzilla.mozilla.org/show_bug.cgi?id=695577 (removing E4X from ES "use strict") which reminded me of a discussion we had on the DOM mailing list about a simpler way to create elements and tree structures without resorting to string concatenation. String concatenation can lead to injection attacks (see SQL, PHP, etc.) and correctness checking happens (too) late in the game. Markup literals in ECMAScript (i.e. E4X) solve these problems. They make creating a DOM structure easy. They allow for templating. Mistakes are noticed at compile time. We should probably add an easy way to add event listeners or at least event handlers without resorting to strings, but since only Mozilla implements markup literals thus far we should be able to make changes, I think. We should also make some simplifications. Supporting XMLComment, XMLCDATA, and XMLPI seems unneeded. Namespaces should probably go and instead we should favor what HTML allows for, i.e. HTML, SVG, and MathML. Instead of XPath we could use Selectors. We can simplify the API. We could even add some HTML features, such as unquoted attributes, for ease of authoring. And now the W3C and TC39 have closer coordination we should be able to more tightly couple it with the DOM, to make this a feature that is really quite useful to authors. Thoughts? -- Anne van Kesteren http://annevankesteren.nl/
Received on Wednesday, 19 October 2011 07:13:37 UTC