W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: clipboard events

From: Hallvord R. M. Steen <hallvord@opera.com>
Date: Tue, 04 Jan 2011 13:35:38 +0900
To: "Robert O'Callahan" <robert@ocallahan.org>
Cc: public-webapps@w3.org
Message-ID: <op.vorodoqsa3v5gv@hr-opera.oslo.opera.com>
On Mon, 27 Dec 2010 14:24:39 +0900, Robert O'Callahan  
<robert@ocallahan.org> wrote:

> The sanitization algorithm needs to consider <style> elements and 'style'
> content attributes. Some browsers, e.g. IE, support CSS features that  
> allow script execution.

Good point. Would it be sufficient to say something like

"If the implementation supports embedding javascript: URLs or other forms  
of scripting inside CSS instructions, such scripts must be removed." ?

-- 
Hallvord R. M. Steen, Core Tester, Opera Software
http://www.opera.com http://my.opera.com/hallvors/
Received on Tuesday, 4 January 2011 04:35:54 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT