W3C home > Mailing lists > Public > www-html@w3.org > August 2002

Re: New html security tag

From: Nicolás Lichtmaier <nick@technisys.com.ar>
Date: Wed, 21 Aug 2002 21:47:18 -0300
To: www-html@w3.org
Message-ID: <ak1c8i$ubj$1@main.gmane.org>

> <html>
> ...
> web app's html
> ...
> <p>A user's comment:</p>
> <security block="action_tags" id="SECURITY_TAG_ID"
> report_to="/security.php">
> Here goes the user's data, comments, hmtl, etc.
> All harmless html code is rendered, but code enabling tags
> (java/script,activex and other not known/implemented dangerous tags)
> stuff is ignored.
> </security id="SECURITY_TAG_ID">
> ...
> The rest of the app's html.
> ...
> </html>

Interesting suggestion. It could be shaped like this:

This attribute in every block element:

trust    (trusted|marginal|untrusted)    trusted

	scripting elements will be ignored
	Well.. this is harder... It would work like this (taking JavaScript as 
an example). It would replace the "window" global object with another 
window object with restricted functionality. window.document would have 
access only to the document fragment inside the area.

All of this would be part of the "scripting" module...
Received on Wednesday, 21 August 2002 20:47:37 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:06:00 UTC