W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2007

[whatwg] validate attribute in <A>

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 6 Nov 2007 02:52:55 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0711060249470.30809@hixie.dreamhostps.com>
On Mon, 5 Nov 2007, Jon Barnett wrote:
> On 11/5/07, Ian Hickson <ian at hixie.ch> wrote:
> >
> > Philip brought up a good point on IRC which is that hashing the entity
> > doesn't protect against changes to the headers (and hashing the headers
> > isn't workable since they change).
> 
> If it were to be crammed into HTML, it would be nice if it were done 
> like this: <a href="..." type="application/octet-stream; md5=xxx">

That doesn't really address the problem of unexpected hostile HTTP 
headers, though (like Set-Cookie or Location with a 301 response code).

It was also later pointed out that this idea would also make incremental 
rendering more difficult to achieve.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 5 November 2007 18:52:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:42 GMT