- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 03 Jan 2011 14:28:45 +0100
- To: "Hallvord R. M. Steen" <hallvord@opera.com>, "Robert O'Callahan" <robert@ocallahan.org>
- Cc: public-webapps@w3.org

On Mon, 27 Dec 2010 06:24:39 +0100, Robert O'Callahan <robert@ocallahan.org> wrote:
> The sanitization algorithm needs to consider <style> elements and 'style'
> content attributes. Some browsers, e.g. IE, support CSS features that
> allow script execution.

I think it might be better to define this in the opposite way. I.e. list the things we want to allow through. This will probably lead to a longer list, but at least safeguards against future features and gives the right example to people who happen to look at this document for sanitizing ideas.

--
Anne van Kesteren
http://annevankesteren.nl/

Received on Monday, 3 January 2011 13:29:21 UTC
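
The allow-list approach suggested in the reply above, shown beside a deny-list for contrast, as an added example that is not part of the original message or of any specification. It works on a constructed node tree rather than parsed HTML; the element and attribute lists, the `futurewidget` name and all function names are assumptions made for illustration.

```javascript
// Allow-list: element name -> attributes permitted on it (illustrative lists).
const ALLOWED = new Map([["div", []], ["p", []], ["b", []], ["i", []],
  ["a", ["href"]], ["img", ["src", "alt"]]]);
const URL_ATTRS = new Set(["href", "src"]);
const SAFE_URL = /^(https?:|mailto:)/i;
// Keeps only listed elements and attributes; anything else, including
// <style>, 'style' and names invented later, is dropped with its subtree.
function sanitizeAllow(node) {
  if (typeof node === "string") return node; // text node
  const tag = node.tag.toLowerCase();
  if (!ALLOWED.has(tag)) return null;
  const attrs = {};
  for (const name of ALLOWED.get(tag)) {
    const value = (node.attrs || {})[name];
    if (typeof value !== "string") continue;
    if (URL_ATTRS.has(name) && !SAFE_URL.test(value.trim())) continue;
    attrs[name] = value;
  }
  const children = (node.children || []).map(sanitizeAllow).filter((c) => c !== null);
  return { tag, attrs, children };
}

// Deny-list for contrast: removes only what its author knew about.
const DENIED_TAGS = new Set(["script", "style"]);
function sanitizeDeny(node) {
  if (typeof node === "string") return node;
  const tag = node.tag.toLowerCase();
  if (DENIED_TAGS.has(tag)) return null;
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs || {})) {
    const n = name.toLowerCase();
    if (n !== "style" && !n.startsWith("on")) attrs[n] = value;
  }
  const children = (node.children || []).map(sanitizeDeny).filter((c) => c !== null);
  return { tag, attrs, children };
}

// Element names left in a sanitized tree, in document order.
function listTags(node) {
  if (node === null || typeof node === "string") return [];
  return [node.tag, ...node.children.flatMap(listTags)];
}
// Constructed input; "futurewidget" stands for a feature added after the lists were written.
const sample = { tag: "div", attrs: { style: "color:red" }, children: [
  { tag: "style", attrs: {}, children: ["p { color: red }"] },
  { tag: "p", attrs: { style: "color:red", onclick: "f()" }, children: ["hello"] },
  { tag: "a", attrs: { href: "https://example.org/" }, children: ["link"] },
  { tag: "futurewidget", attrs: { "future-behavior": "x" }, children: ["?"] },
] };
```

Running `listTags` over both results shows the difference: the allow-list output contains only `div`, `p` and `a`, while the deny-list output still carries `futurewidget` and its attribute because nothing on its list names them.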