W3C home > Mailing lists > Public > public-script-coord@w3.org > January to March 2013

Re: E4H and constructing DOMs

From: Mike Samuel <mikesamuel@gmail.com>
Date: Thu, 7 Mar 2013 20:54:25 -0500
Message-ID: <CACod6GtUFjoJ0Djd7mMftjVn8RetUvs-+ar2NzVHhWD2MF7Gzw@mail.gmail.com>
To: "public-script-coord@w3.org" <public-script-coord@w3.org>
[Resending as I dropped CC]

2013/3/7 Adam Barth <w3c@adambarth.com>:
> I don't think I fully understood your message because it was quite
> long and contained many complex external references.  What I've
> understood you to say is that you've managed to work around the
> limitations of the current string-based template design by building a
> complex mechanism for automatically escaping untrusted data.

I designed the current string-based template design to interface well
with a simple grammar driven approach.

> Rather than forcing authors to layer complex (and therefore
> error-prone) systems on top of a string-based template system, we
> should instead provide authors with an AST-based template system that
> avoids these security pitfalls.

Did you read my critique of AST-based template systems?
Received on Friday, 8 March 2013 01:54:52 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 May 2013 19:30:09 UTC