W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: clipboard events

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 03 Jan 2011 14:28:45 +0100
To: "Hallvord R. M. Steen" <hallvord@opera.com>, "Robert O'Callahan" <robert@ocallahan.org>
Cc: public-webapps@w3.org
Message-ID: <op.voqid6c164w2qv@anne-van-kesterens-macbook-pro.local>
On Mon, 27 Dec 2010 06:24:39 +0100, Robert O'Callahan  
<robert@ocallahan.org> wrote:
> The sanitization algorithm needs to consider <style> elements and 'style'
> content attributes. Some browsers, e.g. IE, support CSS features that  
> allow script execution.

I think it might be better to define this in the opposite way. I.e. list  
the things we want to allow through. This will probably lead to a longer  
list, but at least safeguards against future features and gives the right  
example to people who happen to look at this document for sanitizing ideas.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Monday, 3 January 2011 13:29:21 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT