W3C home > Mailing lists > Public > public-script-coord@w3.org > January to March 2013

Re: E4H and constructing DOMs

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 11 Mar 2013 23:32:48 +0000 (UTC)
To: Mike Samuel <mikesamuel@gmail.com>
cc: "public-script-coord@w3.org" <public-script-coord@w3.org>
Message-ID: <Pine.LNX.4.64.1303112326080.15713@ps20323.dreamhostps.com>
On Mon, 11 Mar 2013, Mike Samuel wrote:
> 
> Ok.  So it's not a goal of E4H to be safe against XSS by default then.

Autoescaping isn't safe by default either, by that definition.

E4H's design goals were:

 - to provide compile-time syntax checking for in-script DOM tree creation
 - to provide in-script DOM tree creation in a terse and intuitive fashion
 - to provide syntactic sugar for the most common use cases for in-script 
   DOM tree creation, specifically:
    * inserting strings into attribute values
    * inserting strings into element contents
    * setting HTML boolean attributes conditionally based on an expression
 - to have good performance characteristics:
    * only parse things once
    * minimise string copying
    * avoid using the HTML parser
 - to have good security characteristics:
    * provide a model that is conceptually simple
    * allow arbitrary strings to be embedded in DOM trees in a way that
      does not allow arbitrary elements or attributes to be created

I believe it succeeds at all of these, though I am happy to hear 
suggestions for how to better address them or how to address other goals 
if those can be met without compromising on the above.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 11 March 2013 23:33:13 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 May 2013 19:30:09 UTC