- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 19 Sep 2012 21:08:25 -0400
- To: public-webappsec@w3.org
On 9/19/12 4:19 PM, Adam Barth wrote:
> On Tue, Sep 18, 2012 at 5:12 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
>> On 9/18/12 6:40 PM, Mike West wrote:
>>>> * doc.body.setAttribute("style", "...");
>> ...
>>>> * doc.body.style.background = "...";
>>
>> There is no functional different between those two. Especially not if you
>> actually consider:
>>
>> doc.body.style.cssText = "....";
>
> There isn't a functional difference, but there is a semantic
> difference. One is manipulating the DOM style attribute (which then
> gets reflected in the styles themselves). The other is manipulating
> the styles themselves (which then gets reflected into the DOM style
> attribute).
Yes, but in which case is this semantic difference something someone
writing a CSP would care about, given that the resulting functionality
is identical?
-Boris
Received on Thursday, 20 September 2012 01:08:54 UTC