W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: clipboard events

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 03 Jan 2011 14:28:45 +0100
To: "Hallvord R. M. Steen" <hallvord@opera.com>, "Robert O'Callahan" <robert@ocallahan.org>
Cc: public-webapps@w3.org
Message-ID: <op.voqid6c164w2qv@anne-van-kesterens-macbook-pro.local>
On Mon, 27 Dec 2010 06:24:39 +0100, Robert O'Callahan  
<robert@ocallahan.org> wrote:
> The sanitization algorithm needs to consider <style> elements and 'style'
> content attributes. Some browsers, e.g. IE, support CSS features that  
> allow script execution.

I think it might be better to define this in the opposite way. I.e. list  
the things we want to allow through. This will probably lead to a longer  
list, but at least safeguards against future features and gives the right  
example to people who happen to look at this document for sanitizing ideas.

Anne van Kesteren
Received on Monday, 3 January 2011 13:29:21 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:29 UTC