W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2012

Re: Proposal: Document.parse() [AKA: Implied Context Parsing]

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 5 Jun 2012 09:58:02 +0200
Message-ID: <CADnb78gzERo=DLJyWmaT1Dmz5k1u46ksY6wJSz6XLHUgzPD2cg@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: Ian Hickson <ian@hixie.ch>, Rafael Weinstein <rafaelw@google.com>, Webapps WG <public-webapps@w3.org>
On Tue, Jun 5, 2012 at 2:10 AM, Adam Barth <w3c@adambarth.com> wrote:
> Doesn't e4h have the same security problems as e4x?

If you mean http://code.google.com/p/doctype-mirror/wiki/ArticleE4XSecurity
I guess that would depend on how we define it.

A (bigger?) problem with E4H/H4E is that TC39 does not like it:
http://lists.w3.org/Archives/Public/public-script-coord/2011OctDec/thread.html#msg33
I'm not as optimistic as them that quasis just solve this (not compile
time, nobody has actually written out the "safehtml" definition), but
TC39 being against it does not help.


-- 
Anne — Opera Software
http://annevankesteren.nl/
http://www.opera.com/
Received on Tuesday, 5 June 2012 09:37:47 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:52 GMT